OMERO.web provides a web-based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.
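The following is an added example, not OMERO.web's code or its 5.26.0 patch: it contrasts a JSONP builder that reflects `callback` as-is with one that validates it first. The function names, the allowed pattern (dotted JavaScript identifiers) and the length cap are assumptions chosen for illustration.

```python
import json
import re

# Assumption: a legitimate callback is a dotted JavaScript identifier.
_CALLBACK_RE = re.compile(
    r"[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*"
)
MAX_CALLBACK_LEN = 64  # assumed cap; real callback names are short


def is_safe_callback(name):
    """Return True only for a short dotted identifier such as 'jQuery.cb_1'."""
    return (
        isinstance(name, str)
        and 0 < len(name) <= MAX_CALLBACK_LEN
        and _CALLBACK_RE.fullmatch(name) is not None
    )


def jsonp_unvalidated(callback, data):
    """The flawed pattern described above: the parameter is echoed verbatim."""
    return "%s(%s)" % (callback, json.dumps(data))


def jsonp_response(callback, data):
    """Hypothetical hardened builder; returns (status, content_type, body)."""
    if callback is None:
        # No JSONP requested: serve plain JSON.
        return 200, "application/json", json.dumps(data)
    if not is_safe_callback(callback):
        # Reject instead of trying to sanitise, and do not echo the value.
        return 400, "text/plain", "invalid callback"
    # Escape "<" so string data cannot close an enclosing <script> element.
    body = json.dumps(data).replace("<", "\\u003c")
    return 200, "application/javascript", "%s(%s);" % (callback, body)


if __name__ == "__main__":
    # Constructed inputs, not taken from the advisory.
    for cb in ("jQuery.cb_1", "cb(1)//", "a" * 65, None):
        print(repr(cb), "->", jsonp_response(cb, {"id": 1}))
```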
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 29 Sep 2025 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Openmicroscopy; Openmicroscopy omero-web |
| CPEs | | `cpe:2.3:a:openmicroscopy:omero-web:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Openmicroscopy; Openmicroscopy omero-web |

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T03:07:46.755Z

Reserved: 2024-05-10T14:24:24.339Z

Link: CVE-2024-35180

Vulnrichment

Updated: 2024-08-02T03:07:46.755Z

NVD

Status: Analyzed

Published: 2024-05-21T13:15:08.813

Modified: 2025-09-29T18:01:01.820

Link: CVE-2024-35180

Redhat

No data.

OpenCVE Enrichment

No data.