Home > Vulnerability Database > CVE-2024-35180

Mend.io Vulnerability Database

CVE-2024-35180

Good to know:

Date: May 21, 2024

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the "callback" parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.

Language: Python

Severity Score

6.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35180

Url: https://github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq

Url: https://github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa

Url: https://github.com/ome/omero-web

Url: https://www.mend.io/vulnerability-database/CVE-2024-35180

Severity Score

6.1

Weakness Type (CWE)

Inclusion of Web Functionality from an Untrusted Source

CWE-830

Top Fix

Upgrade Version

Upgrade to version omero-web - 5.26.0

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35180

Good to know:

Date: May 21, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?