CVE-2024-46081

Name of the Vulnerable Software and Affected Versions Scriptcase versions 9.10.023 and earlier

Description The issue allows an authenticated user to craft malicious payloads in the To-Do List, triggering a stored Cross Site Scripting (XSS) attack when the assigned user interacts with the task. This is particularly dangerous because tasks are often assigned to various users on the platform.

Recommendations For Scriptcase versions 9.10.023 and earlier, as a temporary workaround, consider restricting access to the To-Do List feature until a patch is available. Avoid assigning tasks that may contain malicious payloads to other users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.