CVE-2024-47530
- EPSS 0.16%
- Veröffentlicht 30.09.2024 16:15:09
- Zuletzt bearbeitet 15.11.2024 18:03:06
Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence ...
CVE-2024-47531
- EPSS 0.04%
- Veröffentlicht 30.09.2024 16:15:09
- Zuletzt bearbeitet 15.11.2024 18:02:14
Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file ...
CVE-2022-1592
- EPSS 0.21%
- Veröffentlicht 05.05.2022 11:15:08
- Zuletzt bearbeitet 21.11.2024 06:41:02
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
CVE-2022-1554
- EPSS 0.61%
- Veröffentlicht 03.05.2022 09:15:08
- Zuletzt bearbeitet 21.11.2024 06:40:57
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.