Skip to main content

Scriptcase

9 CVEs product

Monthly

CVE-2024-46084 HIGH POC This Week

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Scriptcase
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-46082 MEDIUM POC This Month

Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Scriptcase
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46080 HIGH POC This Week

Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Scriptcase
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-46083 MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scriptcase
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46081 MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scriptcase
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46079 MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Scriptcase
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8942 HIGH This Week

Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Scriptcase
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-8941 MEDIUM This Month

Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Scriptcase
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-8940 CRITICAL Act Now

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Scriptcase
NVD
CVSS 3.1
9.8
EPSS
0.5%
EPSS 1% CVSS 8.0
HIGH POC This Week

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Scriptcase
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Scriptcase
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Scriptcase
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scriptcase
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scriptcase
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Scriptcase
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Scriptcase
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Scriptcase
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Scriptcase
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy