GHSA-j4gv-6x9v-v23g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-j4gv-6x9v-v23g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-j4gv-6x9v-v23g/GHSA-j4gv-6x9v-v23g.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-j4gv-6x9v-v23g
- Published
- 2025-11-24T23:35:30Z
- Modified
- 2025-11-25T04:42:31.609437Z
- Severity
-
- 1.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U CVSS Calculator
- Summary
- OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
- Details
-
Impact
OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks.
Patches
User should upgrade OMERO.web to 5.29.3 or higher.
Workarounds
None.
Resources
https://github.com/jquery-form/form/issues/604
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2025-11-24T23:35:30Z", "severity": "LOW", "github_reviewed": true }- References
Affected packages
PyPI / omero-web
Package
- Name
- omero-web
- View open source insights on deps.dev
- Purl
- pkg:pypi/omero-web
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.29.3
Affected versions
5.*
5.5.dev1
5.5.dev2
5.6.dev1
5.6.dev2
5.6.dev3
5.6.dev4
5.6.dev5
5.6.dev6
5.6.dev7
5.6.0
5.6.1
5.6.2
5.6.3
5.7.0
5.7.1
5.8.0
5.8.1
5.9.0
5.9.1
5.9.2
5.10.0
5.11.0rc1
5.11.0
5.12.0
5.12.1
5.13.0
5.14.0rc1
5.14.0
5.14.1
5.15.0
5.16.0
5.17.0
5.18.0
5.19.0
5.20.0
5.21.0
5.22.0
5.22.1
5.23.0
5.23.1.dev0
5.24.0
5.25.0
5.26.0
5.27.0
5.27.1
5.27.2
5.28.0
5.29.0
5.29.1
5.29.2