CVE-2021-41132

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41132

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41132.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-41132

Aliases

Related

GHSA-g67g-hvc3-xmvf

Published

2021-10-14T16:15:09.447Z

Modified

2026-02-24T11:40:58.734873Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html(), there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.

References

Affected packages

Git / github.com/ome/omero-web

Affected ranges

Type: GIT
Repo: https://github.com/ome/omero-web
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ee14a6352563c4fe36f5c5fd539f18be8494d5c3

Affected versions

v5.*

v5.11.0.rc1

v5.5.dev1

v5.5.dev2

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.dev1

v5.6.dev2

v5.6.dev3

v5.6.dev4

v5.6.dev5

v5.6.dev6

v5.6.dev7

v5.7.0

v5.7.1

v5.8.0

v5.8.1

v5.9.0

v5.9.1

v5.9.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41132.json"