
Di Lukas Hammer

#17756 of 53,779
15.2 Total CVSS
Vulnerabilities · 2 (Medium: 1, Critical: 1)

PT-2024-20382 · CVSS 5.4 · 2024-02-05
Stimulsoft · Stimulsoft Dashboard.Js · CVE-2024-24397

**Name of the Vulnerable Software and Affected Versions** Stimulsoft Dashboard.JS versions prior to 2024.1.2

**Description** The issue allows a remote attacker to execute arbitrary code via a crafted payload to the `ReportName` field. This enables the attacker to perform Cross-Site Scripting attacks.

**Recommendations** For versions prior to 2024.1.2, update to version 2024.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ReportName` field to minimize the risk of exploitation.

PT-2024-20383 · CVSS 9.8 · 2024-02-05
Stimulsoft · Stimulsoft Dashboard.Js · CVE-2024-24398

**Name of the Vulnerable Software and Affected Versions** Stimulsoft Dashboard.JS versions prior to 2024.1.2

**Description** A Directory Traversal issue allows a remote attacker to execute arbitrary code via a crafted payload to the `fileName` parameter of the Save function. This enables the attacker to potentially access and manipulate files outside the intended directory structure.

**Recommendations** For versions prior to 2024.1.2, update to version 2024.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Save function or validating the `fileName` parameter to prevent malicious payloads.