omero-web 5.9.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the omero-web package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Information Exposure omero-web is an OMERO.web Affected versions of this package are vulnerable to Information Exposure via the `getGuestConnection` function in the `webadmin/views.py` file. An attacker can obtain unnecessary user information by triggering error messages during password reset attempts. How to fix Information Exposure? Upgrade `omero-web` to version 5.29.2 or higher.	[,5.29.2)
M Improper Input Validation omero-web is an OMERO.web Affected versions of this package are vulnerable to Improper Input Validation via the `callback` parameter. An attacker can exploit this vulnerability by passing a maliciously crafted payload to various endpoints with JSONP enabled. How to fix Improper Input Validation? Upgrade `omero-web` to version 5.26.0 or higher.	[,5.26.0)
M Cross-site Scripting (XSS) omero-web is an OMERO.web Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of `jQuery.html()`, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. How to fix Cross-site Scripting (XSS)? Upgrade `omero-web` to version 5.11.0 or higher.	[,5.11.0)

Vulnerability

Vulnerable Version

Information Exposure

omero-web is an OMERO.web

Affected versions of this package are vulnerable to Information Exposure via the getGuestConnection function in the webadmin/views.py file. An attacker can obtain unnecessary user information by triggering error messages during password reset attempts.

How to fix Information Exposure?

Upgrade omero-web to version 5.29.2 or higher.

[,5.29.2)

Improper Input Validation

omero-web is an OMERO.web

Affected versions of this package are vulnerable to Improper Input Validation via the callback parameter. An attacker can exploit this vulnerability by passing a maliciously crafted payload to various endpoints with JSONP enabled.

How to fix Improper Input Validation?

Upgrade omero-web to version 5.26.0 or higher.

[,5.26.0)

Cross-site Scripting (XSS)

omero-web is an OMERO.web

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html(), there are a whole host of XSS possibilities with specially crafted input to a variety of fields.

How to fix Cross-site Scripting (XSS)?

Upgrade omero-web to version 5.11.0 or higher.

[,5.11.0)

omero-web@5.9.2 vulnerabilities

OMERO.web

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically