Vulmon
openmicroscopy omero.web vulnerabilities and exploits
CVSSv3: 6.1
CVE-2021-41132
OMERO.web provides a web based client and plugin infrastructure. In versions before 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scriptin...
Openmicroscopy Omero-figure
Openmicroscopy Omero-web
CVSSv3: 6.5
CVE-2021-21376
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents ...
Openmicroscopy Omero.web
CVSSv3: 5.4
CVE-2021-21377
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.w...
Openmicroscopy Omero.web
CVSSv3: 5.7
CVE-2020-7932
OMERO.web prior to 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header se...
Openmicroscopy Omero.web
1 Github repository
CVSSv3: 7.2
CVE-2018-1000633
The Open Microscopy Environment OMERO.web version before 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear ...
Openmicroscopy Omero