Aggregates CVE and security vulnerability intelligence across all clinical-genomics-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling, vendor risk cross-site scripting, and vendor risk ssrf; exposure may include vendor impact file overwrite in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-47531 | Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89. | [email protected] | 4.6 | 0.30% | 2024-09-30 | 2026-06-17 |
| CVE-2024-47530 | Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89. | [email protected] | 5.4 | 0.38% | 2024-09-30 | 2026-06-17 |
| CVE-2022-1592 | Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss... | [email protected] | 8.2 | 1.07% | 2022-05-05 | 2026-06-17 |
| CVE-2022-1554 | Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. | [email protected] | 7.5 | 1.27% | 2022-05-03 | 2026-06-17 |