VYPR
Vendor

ScriptCase

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2025-25535CriMar 26, 2025
    risk 0.64cvss 9.8epss 0.00

    HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.

  • CVE-2024-46084HigOct 1, 2024
    risk 0.52cvss 8.0epss 0.01

    Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.

  • CVE-2024-46080HigOct 1, 2024
    risk 0.52cvss 8.0epss 0.01

    Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.

  • CVE-2022-32199MedMar 27, 2023
    risk 0.42cvss 6.5epss 0.02

    db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter.

  • CVE-2024-46079MedOct 1, 2024
    risk 0.40cvss 6.1epss 0.00

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter.

  • CVE-2024-46082MedOct 1, 2024
    risk 0.35cvss 5.4epss 0.00

    Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.

  • CVE-2024-46083MedOct 1, 2024
    risk 0.35cvss 5.4epss 0.00

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular…

  • CVE-2024-46081MedOct 1, 2024
    risk 0.35cvss 5.4epss 0.00

    Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the…

  • CVE-2025-29322MedMar 26, 2025
    risk 0.30cvss 4.6epss 0.00

    A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages.