CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
9.6%
Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users’ devices or data. This vulnerability is fixed in 4.89.
Vendor | Product | Version | CPE |
---|---|---|---|
clinical-genomics | scout | * | cpe:2.3:a:clinical-genomics:scout:*:*:*:*:*:*:*:* |
[
{
"vendor": "Clinical-Genomics",
"product": "scout",
"versions": [
{
"version": "<= 4.88.1",
"status": "affected"
}
]
}
]