CVE-2024-54795

Name of the Vulnerable Software and Affected Versions SpagoBI version 3.5.1

Description The issue concerns multiple Stored Cross-Site Scripting (XSS) vulnerabilities found in the create/edit forms of the worksheet designer function. This allows for the potential execution of malicious scripts, impacting the security of the application.

Recommendations For SpagoBI version 3.5.1, consider disabling the create/edit forms of the worksheet designer function until a patch is available to mitigate the risk of Stored Cross-Site Scripting (XSS) attacks. Restrict access to these forms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.