CVE-2024-47531

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-116
View all →

Vulnerability Description

Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.

Related Vulnerabilities

CVE-2020-29023

LOW
CVSS:3.5(Low)

Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's comp...

CWE-1162020

CVE-2023-3190

LOW
CVSS:3.5(Low)

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

CWE-1162023

CVE-2025-23377

LOW
CVSS:3.4(Low)

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially ex...

CWE-1162025

CVE-2021-20405

LOW
CVSS:3.1(Low)

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183.

CWE-1162021

CVE-2020-4282

LOW
CVSS:3.0(Low)

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. X-Forc...

CWE-1162020

CVE-2020-4850

MEDIUM
CVSS:4.0(Medium)

IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 19...

CWE-1162020