VYPR

Scout

by Clinical Genomics

Source repositories

CVEs (2)

  • CVE-2024-47531MedSep 30, 2024
    risk 0.00cvss 4.6epss 0.00

    Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly…

  • CVE-2024-47530MedSep 30, 2024
    risk 0.00cvss 5.4epss 0.00

    Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic.…