OMERO.web provides a web-based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T03:07:46.755Z

Reserved: 2024-05-10T14:24:24.339Z

Link: CVE-2024-35180

Vulnrichment

Updated: 2024-08-02T03:07:46.755Z

NVD

Status: Awaiting Analysis

Published: 2024-05-21T13:15:08.813

Modified: 2024-11-21T09:19:52.763

Link: CVE-2024-35180

Redhat

No data.

OpenCVE Enrichment

No data.