PT-2024-39327 · Unknown · Scriptcase

Rafael Pedrero · Published 2024-09-24 · Updated 2024-09-30 · CVE-2024-8942

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Scriptcase version 9.4.019
Description: The issue is a Cross-Site Scripting (XSS) vulnerability caused by a lack of input validation, affecting the id form msg title parameter, among others. This could allow a remote user to send a specially crafted URL to a victim and retrieve their credentials.
Recommendations: For Scriptcase version 9.4.019, as a temporary workaround, consider restricting the use of the id form msg title parameter until a patch is available. Avoid using this parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-8942

Affected Products: Scriptcase