omero-web@5.6.dev3 vulnerabilities
OMERO.web
-
latest version
5.25.0
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
2 months ago
-
licenses detected
- [5.5.dev2,)
Direct Vulnerabilities
Known vulnerabilities in the omero-web package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
omero-web is an OMERO.web Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of How to fix Cross-site Scripting (XSS)? Upgrade |
[,5.11.0)
|
omero-web is an OMERO.web Affected versions of this package are vulnerable to Information Exposure. If a user clicks a malicious link in OMERO.web, sensitive information in query parameters may be exposed via the How to fix Information Exposure? Upgrade |
[,5.6.3)
|
omero-web is an OMERO.web Affected versions of this package are vulnerable to Information Exposure. OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. How to fix Information Exposure? Upgrade |
[,5.9.0)
|
omero-web is an OMERO.web Affected versions of this package are vulnerable to Improper Input Validation. OMERO.web supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. How to fix Improper Input Validation? Upgrade |
[,5.9.0)
|