omero-web@5.11.0rc1 vulnerabilities

OMERO.web

Direct Vulnerabilities

Known vulnerabilities in the omero-web package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Input Validation

omero-web is an OMERO.web

Affected versions of this package are vulnerable to Improper Input Validation via the callback parameter. An attacker can exploit this vulnerability by passing a maliciously crafted payload to various endpoints with JSONP enabled.

How to fix Improper Input Validation?

Upgrade omero-web to version 5.26.0 or higher.

[,5.26.0)
  • M
Cross-site Scripting (XSS)

omero-web is an OMERO.web

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html(), there are a whole host of XSS possibilities with specially crafted input to a variety of fields.

How to fix Cross-site Scripting (XSS)?

Upgrade omero-web to version 5.11.0 or higher.

[,5.11.0)