CVE-2024-46083

Name of the Vulnerable Software and Affected Versions Scriptcase versions 9.10.023 and earlier

Description The issue allows an authenticated user to craft malicious payloads using the messages feature, enabling the injection of malicious code into any user's account on the platform. Regular users can trigger actions for administrator users. This is a Cross Site Scripting (XSS) issue.

Recommendations For Scriptcase versions 9.10.023 and earlier, as a temporary workaround, consider disabling the messages feature until a patch is available. Restrict access to the messages module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.