Vulnerability	Vulnerable Version
M Improper Input Validation omero-web is an OMERO.web Affected versions of this package are vulnerable to Improper Input Validation via the `callback` parameter. An attacker can exploit this vulnerability by passing a maliciously crafted payload to various endpoints with JSONP enabled. How to fix Improper Input Validation? Upgrade `omero-web` to version 5.26.0 or higher.	[,5.26.0)
M Cross-site Scripting (XSS) omero-web is an OMERO.web Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of `jQuery.html()`, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. How to fix Cross-site Scripting (XSS)? Upgrade `omero-web` to version 5.11.0 or higher.	[,5.11.0)

Improper Input Validation

omero-web is an OMERO.web

Affected versions of this package are vulnerable to Improper Input Validation via the callback parameter. An attacker can exploit this vulnerability by passing a maliciously crafted payload to various endpoints with JSONP enabled.

How to fix Improper Input Validation?

Upgrade omero-web to version 5.26.0 or higher.

[,5.26.0)

Cross-site Scripting (XSS)

omero-web is an OMERO.web

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html(), there are a whole host of XSS possibilities with specially crafted input to a variety of fields.

How to fix Cross-site Scripting (XSS)?

Upgrade omero-web to version 5.11.0 or higher.

[,5.11.0)

Go back to all versions of this package