omero-web@5.6.dev4 vulnerabilities
OMERO.web
latest version
5.29.1
latest non vulnerable version
first published
5 years ago
latest version published
12 days ago
licenses detected
- [5.5.dev2,)
Direct Vulnerabilities
Known vulnerabilities in the omero-web package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
omero-web is an OMERO.web Affected versions of this package are vulnerable to Improper Input Validation via the How to fix Improper Input Validation? Upgrade | [,5.26.0) |
omero-web is an OMERO.web Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of How to fix Cross-site Scripting (XSS)? Upgrade | [,5.11.0) |
omero-web is an OMERO.web Affected versions of this package are vulnerable to Information Exposure. If a user clicks a malicious link in OMERO.web, sensitive information in query parameters may be exposed via the How to fix Information Exposure? Upgrade | [,5.6.3) |
omero-web is an OMERO.web Affected versions of this package are vulnerable to Information Exposure. OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. How to fix Information Exposure? Upgrade | [,5.9.0) |
omero-web is an OMERO.web Affected versions of this package are vulnerable to Improper Input Validation. OMERO.web supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. How to fix Improper Input Validation? Upgrade | [,5.9.0) |