OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-21T12:33:02.639Z
Updated: 2024-06-04T17:34:51.270Z
Reserved: 2024-05-10T14:24:24.339Z
Link: CVE-2024-35180
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-05-21T13:15:08.813
Modified: 2024-05-21T16:54:35.880
Link: CVE-2024-35180
JSON object: View
Redhat Information
No data.
CWE