
Teng Zheng

#44509 of 53,635
5.9 Total CVSS
Vulnerabilities · 1
PT-2021-14459
5.9
2021-03-23
Omero.Web · Omero.Web · CVE-2021-21377
**Name of the Vulnerable Software and Affected Versions**

OMERO.web versions prior to 5.9.0

**Description**

OMERO.web is open source Django-based software for managing microscopy imaging. After a login or a switch of group context it redirects the browser to a URL supplied with the request. In versions prior to 5.9.0 that URL is not validated, so a crafted link can send a user who has just authenticated to an arbitrary attacker-chosen site (an open redirect). OMERO.web 5.9.0 validates the URL before redirecting: external URLs are rejected unless their host is listed in the `omero.web.redirect_allowed_hosts` setting.

**Recommendations**

Update to OMERO.web 5.9.0 or later. The `omero.web.redirect_allowed_hosts` setting is introduced in 5.9.0, so it cannot serve as a workaround on earlier versions. After upgrading, leave the setting empty unless redirects to external sites are genuinely required, and then list only those trusted hosts, since every host added re-opens redirection to it.
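The contrast between the two behaviours described above, as an added example that is not OMERO.web's own code: an unvalidated post-login redirect beside a validator that accepts only same-site paths or absolute http(s) URLs whose host is on an explicit allowlist. The function names, the `/webclient/` default landing page, and the host names `trusted.example` and `evil.example` are assumptions made for the illustration; the validation logic is modelled on the semantics of Django's `url_has_allowed_host_and_scheme()` but implemented here with only the standard library so it runs stand-alone.

```python
from urllib.parse import urlsplit

# Hypothetical names for this illustration; not OMERO.web's implementation.
DEFAULT_LANDING = "/webclient/"
SAFE_SCHEMES = {"http", "https"}


def vulnerable_redirect_target(url, default=DEFAULT_LANDING):
    """The pre-5.9.0 pattern: whatever the client supplied is used as-is.
    A link carrying ?url=https://evil.example/ sends the freshly
    authenticated user off-site."""
    return url or default


def is_safe_redirect_url(url, allowed_hosts=(), require_https=False):
    """Accept only a relative path on this site, or an absolute http(s) URL
    whose host is explicitly in allowed_hosts."""
    if not url:
        return False
    # Browsers strip control characters before parsing, which turns inputs
    # such as "/\tevil.example/" into off-site URLs; reject them outright.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    # Scheme-relative and backslash forms are absolute URLs to a browser.
    if url.startswith(("//", "/\\", "\\")):
        return False
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        return True  # relative path on this site, e.g. "/webclient/?show=image-1"
    if not parts.scheme or not parts.netloc:
        return False  # "javascript:alert(1)", "http:foo" and similar oddities
    scheme = parts.scheme.lower()
    if scheme not in SAFE_SCHEMES or (require_https and scheme != "https"):
        return False
    # .hostname drops userinfo and port and lowercases the host, so
    # "https://trusted.example@evil.example/" is checked as "evil.example".
    host = parts.hostname
    return host is not None and host in {h.lower() for h in allowed_hosts}


def safe_redirect_target(url, allowed_hosts=(), require_https=False,
                         default=DEFAULT_LANDING):
    """The 5.9.0-style pattern: validate first, fall back to the default
    landing page instead of following an untrusted URL."""
    if is_safe_redirect_url(url, allowed_hosts, require_https):
        return url
    return default


if __name__ == "__main__":
    # Constructed sample inputs an attacker might place in a login link.
    for candidate in ("/webclient/", "//evil.example/", "https://evil.example/",
                      "https://trusted.example@evil.example/",
                      "https://trusted.example/webclient/"):
        print(f"{candidate!r:45} vulnerable -> {vulnerable_redirect_target(candidate)!r:40} "
              f"validated -> {safe_redirect_target(candidate, ['trusted.example'])!r}")
```

Note that the host comparison deliberately ignores the port; if an allowlist entry must be pinned to a port, compare `parts.netloc` instead, which is what Django's check does.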