PT-2024-20382 · Stimulsoft · Stimulsoft Dashboard.Js

By Lukas Hammer +1

Published 2024-02-05 · Updated 2024-02-22 · CVE-2024-24397

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Stimulsoft Dashboard.JS versions prior to 2024.1.2
Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload submitted in the ReportName field, enabling Cross-Site Scripting (XSS) attacks.
Recommendations: For versions prior to 2024.1.2, update to version 2024.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ReportName field to minimize the risk of exploitation.
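The class of defect described above is an untrusted field value reaching the page as live markup. The following is an added example, not code from the advisory or from Stimulsoft: it contrasts a hypothetical title renderer that interpolates the raw ReportName into HTML with one that entity-encodes it first, and includes a check a reviewer or test suite can run. The function names (`renderTitleUnsafe`, `renderTitleSafe`, `containsRawTag`) and the sample report name are constructed for illustration.

```javascript
// Added example (not Stimulsoft's code): rendering an untrusted report name safely.
// The renderTitle* functions and the sample value below are hypothetical.

// Constructed sample input: a report name carrying an HTML/script payload,
// the kind of value a ReportName field might receive from an untrusted party.
const SAMPLE_REPORT_NAME = 'Quarterly <img src=x onerror="alert(1)"> Sales';

// Minimal HTML entity encoder for text placed into element content or
// a double-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Unsafe pattern: interpolating the raw value into markup. The payload is
// emitted as live HTML, so the onerror handler would run in the viewer's browser.
function renderTitleUnsafe(reportName) {
  return `<h1 class="report-title">${reportName}</h1>`;
}

// Hardened pattern: encode before interpolation. The payload arrives as
// inert text and the <img> tag is never parsed as an element.
function renderTitleSafe(reportName) {
  return `<h1 class="report-title">${escapeHtml(reportName)}</h1>`;
}

// Defensive check for a review or test suite: markup built from an untrusted
// value must not contain that value verbatim when it carries tag delimiters.
function containsRawTag(markup, untrustedValue) {
  return markup.indexOf(untrustedValue) !== -1 && /[<>]/.test(untrustedValue);
}

// In a browser, the equivalent DOM-level rule is to assign the value with
// element.textContent rather than element.innerHTML; textContent never parses.
```

The same encoding rule applies to any other place the report name is emitted (tooltips, export file names shown in the UI, `title` attributes); encode at the point of output for the context the value lands in, rather than relying on input filtering alone.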

Tags: Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2024-24397
GHSA-9CGF-PXWQ-2CPW

Affected Products

Stimulsoft Dashboard.Js