{"id":"CVE-2021-41132","details":"OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There are no known workarounds aside from upgrading.","aliases":["GHSA-g67g-hvc3-xmvf","PYSEC-2021-372","PYSEC-2021-379"],"modified":"2026-04-10T04:39:01.916678Z","published":"2021-10-14T16:15:09.447Z","related":["GHSA-g67g-hvc3-xmvf"],"references":[{"type":"ADVISORY","url":"https://github.com/ome/omero-web/security/advisories/GHSA-g67g-hvc3-xmvf"},{"type":"ADVISORY","url":"https://www.openmicroscopy.org/security/advisories/2021-SV3/"},{"type":"FIX","url":"https://github.com/ome/omero-web/commit/0168067accde5e635341b3c714b1d53ae92ba424"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ome/omero-figure","events":[{"introduced":"0"},{"fixed":"cfcf3a3468d36fef6ac5baacc0fd813ab85e6d65"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.4.1"}]}},{"type":"GIT","repo":"https://github.com/ome/omero-web","events":[{"introduced":"0"},{"fixed":"ee14a6352563c4fe36f5c5fd539f18be8494d5c3"},{"fixed":"0168067accde5e635341b3c714b1d53ae92ba424"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.11.0"}]}}],"versions":["v1.0.0","v1.0.0-beta1","v1.0.0-beta2","v1.1.0","v1.1.1","v1.2.0","v1.2.0-rc1","v1.2.0-rc2","v1.2.0-rc3","v1.2.0-rc5","v1.2.1","v1.2.1-rc1","v2.0.0","v2.0.1","v3.0.0","v3.1.0","v3.1.2","v3.2.0","v3.2.1","v4.0.0","v4.0.1","v4.0.2","v4.1.0","v4.2.0","v4.2.dev1","v4.4.0","v5.11.0.rc1","v5.5.dev1","v5.5.dev2","v5.6.0","v5.6.1","v5.6.2","v5.6.3","v5.6.dev1","v5.6.dev2","v5.6.dev3","v5.6.dev4","v5.6.dev5","v5.6.dev6","v5.6.dev7","v5.7.0","v5.7.1","v5.8.0","v5.8.1","v5.9.0","v5.9.1","v5.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41132.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}