GHSA-j4gv-6x9v-v23g: OMERO.web uses jquery-form library, which may be vulnerable to XSS attack

November 24, 2025

OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks.

References

github.com/advisories/GHSA-j4gv-6x9v-v23g
github.com/jquery-form/form/issues/604
github.com/ome/omero-web
github.com/ome/omero-web/commit/a3eadf722cfada2b844b97abe65baf5856e77c4f
github.com/ome/omero-web/security/advisories/GHSA-j4gv-6x9v-v23g

Code Behaviors & Features

Detect and mitigate GHSA-j4gv-6x9v-v23g with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →