Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

指向未可信站点的URL重定向(开放重定向)

Scout 输入验证错误漏洞

Scout是Clinical Genomics开源的一个用于分析VCF并能够辅助合作以更快地解决罕见疾病的平台。 Scout 4.89之前版本存在输入验证错误漏洞，该漏洞源于存在开放重定向漏洞，允许通过将用户重定向到恶意页面来对用户进行网络钓鱼攻击。

N/A

N/A