Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OMERO.web JSONP callback vulnerability
Vulnerability Description
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
从非可信源包含Web功能例程
Vulnerability Title
OMERO.web 安全漏洞
Vulnerability Description
OMERO.web是Open Microscopy Environment团队的一款用于从Web浏览器查看OMERO服务器上图像的客户端程序。 OMERO.web 5.25.0及之前版本存在安全漏洞,该漏洞源于无法对callback参数进行转义或验证。
CVSS Information
N/A
Vulnerability Type
N/A