ScriptCase
by ScriptCase
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-25535 | Cri | 0.64 | 9.8 | 0.00 | Mar 26, 2025 | HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. | ||
| CVE-2024-46084 | Hig | 0.52 | 8.0 | 0.01 | Oct 1, 2024 | Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. | ||
| CVE-2024-46080 | Hig | 0.52 | 8.0 | 0.01 | Oct 1, 2024 | Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. | ||
| CVE-2022-32199 | Med | 0.42 | 6.5 | 0.02 | Mar 27, 2023 | db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter. | ||
| CVE-2024-46079 | Med | 0.40 | 6.1 | 0.00 | Oct 1, 2024 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. | ||
| CVE-2024-46082 | Med | 0.35 | 5.4 | 0.00 | Oct 1, 2024 | Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. | ||
| CVE-2024-46083 | Med | 0.35 | 5.4 | 0.00 | Oct 1, 2024 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular… | ||
| CVE-2024-46081 | Med | 0.35 | 5.4 | 0.00 | Oct 1, 2024 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the… | ||
| CVE-2025-29322 | Med | 0.30 | 4.6 | 0.00 | Mar 26, 2025 | A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages. |
- risk 0.64cvss 9.8epss 0.00
HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.
- risk 0.52cvss 8.0epss 0.01
Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.
- risk 0.52cvss 8.0epss 0.01
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.
- risk 0.42cvss 6.5epss 0.02
db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter.
- risk 0.40cvss 6.1epss 0.00
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter.
- risk 0.35cvss 5.4epss 0.00
Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.
- risk 0.35cvss 5.4epss 0.00
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular…
- risk 0.35cvss 5.4epss 0.00
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the…
- risk 0.30cvss 4.6epss 0.00
A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages.