Vulnerability Details CVE-2024-35180
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.3%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa
- https://github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq
- https://github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa
- https://github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq
Products affected by CVE-2024-35180
-
cpe:2.3:a:openmicroscopy:omero-web:-
-
cpe:2.3:a:openmicroscopy:omero-web:5.11.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.12.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.12.1
-
cpe:2.3:a:openmicroscopy:omero-web:5.13.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.14.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.14.1
-
cpe:2.3:a:openmicroscopy:omero-web:5.15.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.16.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.17.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.18.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.19.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.20.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.21.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.22.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.22.1
-
cpe:2.3:a:openmicroscopy:omero-web:5.23.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.24.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.25.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.5
-
cpe:2.3:a:openmicroscopy:omero-web:5.6
-
cpe:2.3:a:openmicroscopy:omero-web:5.6.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.6.1
-
cpe:2.3:a:openmicroscopy:omero-web:5.6.2
-
cpe:2.3:a:openmicroscopy:omero-web:5.6.3
-
cpe:2.3:a:openmicroscopy:omero-web:5.7.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.7.1
-
cpe:2.3:a:openmicroscopy:omero-web:5.8.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.8.1
-
cpe:2.3:a:openmicroscopy:omero-web:5.9.0
-
cpe:2.3:a:openmicroscopy:omero-web:5.9.1
-
cpe:2.3:a:openmicroscopy:omero-web:5.9.2