CVE-2024-35180
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35180
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35180.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35180
- Aliases
- Published
- 2024-05-21T12:33:02Z
- Modified
- 2025-10-22T18:42:19.266389Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- OMERO.web JSONP callback vulnerability
- Details
-
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the
callbackparameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0. - Database specific
{ "cwe_ids": [ "CWE-830" ] }- References
Affected packages
Git / github.com/ome/omero-web
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ome/omero-web
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v5.*
v5.11.0
v5.11.0.rc1
v5.12.0
v5.12.1
v5.13.0
v5.14.0
v5.14.0.rc1
v5.14.1
v5.15.0
v5.16.0
v5.17.0
v5.18.0
v5.19.0
v5.20.0
v5.21.0
v5.22.0
v5.22.1
v5.23.0
v5.24.0
v5.25.0
v5.5.dev1
v5.5.dev2
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.dev1
v5.6.dev2
v5.6.dev3
v5.6.dev4
v5.6.dev5
v5.6.dev6
v5.6.dev7
v5.7.0
v5.7.1
v5.8.0
v5.8.1
v5.9.0
v5.9.1
v5.9.2