GHSA-j4gv-6x9v-v23g

Опубликовано: 24 нояб. 2025

Источник: github

Github: Прошло ревью

CVSS4: 1.3

Описание

OMERO.web uses jquery-form library, which may be vulnerable to XSS attack

Impact

OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks.

Patches

User should upgrade OMERO.web to 5.29.3 or higher.

Workarounds

None.

Resources

https://github.com/jquery-form/form/issues/604

Ссылки

https://github.com/ome/omero-web/security/advisories/GHSA-j4gv-6x9v-v23g
https://github.com/jquery-form/form/issues/604
https://github.com/ome/omero-web/commit/a3eadf722cfada2b844b97abe65baf5856e77c4f

Пакеты

Наименование

omero-web

pip

Затронутые версииВерсия исправления

< 5.29.3

5.29.3

1.3 Low

CVSS4

Дефекты

CWE-79

1.3 Low

CVSS4

Дефекты

CWE-79