CVE-2021-41132

More information about this CVE will likely be available in a few days.

Description

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.

Related CPE's

Could not find any relations

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics