Cross-Site Scripting Vulnerability Could Allow Credentials Theft
CVE-2024-8942

8.2HIGH

Key Information:

Vendor: Scriptcase
Status: Scriptcase
Vendor: CVE Published:; 25 September 2024

What is CVE-2024-8942?

A Cross-Site Scripting (XSS) vulnerability exists in Scriptcase version 9.4.019, identified by a failure in input validation for the 'id_form_msg_title' parameter. This flaw enables remote attackers to send specially crafted URLs to users, potentially allowing unauthorized access to sensitive credentials. Organizations using this version of Scriptcase are advised to implement immediate security measures to mitigate the risk of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Scriptcase 9.4.019

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 25, 2024
Vulnerability Reserved
Sep 17, 2024

Credit

Rafael Pedrero

JSON

Scriptcase