OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-10-14T15:45:12
Updated: 2024-08-04T02:59:31.416Z
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41132
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-10-14T16:15:09.447
Modified: 2021-10-20T19:14:48.183
Link: CVE-2021-41132
Redhat
No data.