OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| omero-web(PyPI) | 0 | 5.26.0 | N/A |
CVSS Metrics
