PYSEC-2021-379

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/omero-figure/PYSEC-2021-379.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2021-379
Aliases
Published
2021-10-14T16:15:00Z
Modified
2023-11-08T04:06:52.354646Z
Summary
[none]
Details

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html(), there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.

References

Affected packages

PyPI / omero-figure

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
4.4.1

Affected versions

2.*

2.0.0
2.0.1

3.*

3.0.0
3.1.0
3.1.1
3.1.2
3.2.0
3.2.1

4.*

4.0.0
4.0.1
4.0.2
4.1.0
4.2.dev1
4.2.0
4.3.0
4.3.1
4.3.2
4.4.0