CVE-2024-46083: XSS
First published: Tue Oct 01 2024(Updated: )
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger actions for administrator users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Scriptcase | <9.10.023 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-46083?
CVE-2024-46083 is classified as a Cross Site Scripting (XSS) vulnerability, which can be severe as it allows attackers to inject malicious scripts into user accounts.
How do I fix CVE-2024-46083?
To fix CVE-2024-46083, update Scriptcase to version 9.10.024 or later, which addresses the XSS vulnerability.
Who is affected by CVE-2024-46083?
Authenticated users of Scriptcase versions 9.10.023 and earlier are affected by CVE-2024-46083.
What impact does CVE-2024-46083 have on users?
CVE-2024-46083 allows malicious users to craft payloads that can lead to injection of harmful scripts into any user's account.
Is there any mitigation for CVE-2024-46083 if an update cannot be applied immediately?
If an update cannot be applied immediately for CVE-2024-46083, consider disabling the messages feature to mitigate the risk of XSS attacks.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/scriptcase
- canonical/scriptcase