VYPR

XSS Open Redirect Via Scalar URL

by Prassan10

Source repositories

CVEs (1)

  • CVE-2026-30117CriMay 19, 2026
    risk 0.57cvss 9.8epss 0.01

    scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file.