Vulnerability	Vulnerable Version
M URL Redirection to Untrusted Site ('Open Redirect') scout-browser is a Clinical DNA variant visualizer and browser. Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') due to absence of sanitization logic of `next` parameter in `/login` API endpoint. The attacker can redirect victims to a controlled malicious website attempting to steal sensitive information. Note: Due to lack of scheme validation, the attacker can attempt to perform HTTPS Downgrade Attack to perform Man-in-the-Middle attack to steal sessions to perform account takeover. How to fix URL Redirection to Untrusted Site ('Open Redirect')? Upgrade `scout-browser` to version 4.89 or higher.	[,4.89)
M Improper Escaping of Output scout-browser is a Clinical DNA variant visualizer and browser. Affected versions of this package are vulnerable to Improper Escaping of Output due to the lack of sanitization in the `controllers.downloaded_panel_name` function. An attacker can inject malicious data inside the file and upload it with filename containing malicious extension, making the victim unknowingly download malicious files, which may lead to the compromise of their devices or data. How to fix Improper Escaping of Output? Upgrade `scout-browser` to version 4.89 or higher.	[,4.89)

URL Redirection to Untrusted Site ('Open Redirect')

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') due to absence of sanitization logic of next parameter in /login API endpoint. The attacker can redirect victims to a controlled malicious website attempting to steal sensitive information.

Note: Due to lack of scheme validation, the attacker can attempt to perform HTTPS Downgrade Attack to perform Man-in-the-Middle attack to steal sessions to perform account takeover.

How to fix URL Redirection to Untrusted Site ('Open Redirect')?

Upgrade scout-browser to version 4.89 or higher.

[,4.89)

Improper Escaping of Output

scout-browser is a Clinical DNA variant visualizer and browser.

Affected versions of this package are vulnerable to Improper Escaping of Output due to the lack of sanitization in the controllers.downloaded_panel_name function. An attacker can inject malicious data inside the file and upload it with filename containing malicious extension, making the victim unknowingly download malicious files, which may lead to the compromise of their devices or data.

How to fix Improper Escaping of Output?

Upgrade scout-browser to version 4.89 or higher.

[,4.89)

Go back to all versions of this package