CVE-2024-35180

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt