| Vulnerability ID | VCID-mszv-dp77-ckdf |
| Aliases | CVE-2021-41132, GHSA-g67g-hvc3-xmvf, PYSEC-2021-372, PYSEC-2021-379 |
| Summary | OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| There are no known severity scores. | | |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T04:14:48.289626+00:00 | Pypa Importer | Import | https://github.com/pypa/advisory-database/blob/main/vulns/omero-web/PYSEC-2021-372.yaml | 38.6.0 |