Security Advisory

CVE-2024-35180

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-21 12:33:02

Last updated 2024-08-02 03:07:46

Assigner GitHub_M

State PUBLISHED

Description

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.

← Browse all CVEs View on cve.org ↗