Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05Y2dmLXB4d3EtMmNwd84AA5ET
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.
Permalink: https://github.com/advisories/GHSA-9cgf-pxwq-2cpwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Y2dmLXB4d3EtMmNwd84AA5ET
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 10 months ago
Updated: 9 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-9cgf-pxwq-2cpw, CVE-2024-24397
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-24397
- https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R
- http://stimulsoft.com
- https://cves.at/posts/cve-2024-24397/writeup
- https://github.com/advisories/GHSA-9cgf-pxwq-2cpw
Affected Packages
npm:stimulsoft-dashboards-js
Dependent packages: 0Dependent repositories: 2
Downloads: 5,068 last month
Affected Version Ranges: < 2024.1.2
Fixed in: 2024.1.2
All affected versions: 2019.2.1, 2019.2.2, 2019.2.3, 2019.3.1, 2019.3.2, 2019.3.3, 2019.3.4, 2019.3.5, 2019.3.6, 2019.3.7, 2019.4.1, 2019.4.2, 2020.1.1, 2020.2.1, 2020.2.2, 2020.2.3, 2020.3.1, 2020.3.2, 2020.4.1, 2020.4.2, 2020.5.1, 2020.5.2, 2021.1.1, 2021.1.2, 2021.2.1, 2021.2.2, 2021.2.3, 2021.2.4, 2021.3.1, 2021.3.2, 2021.3.3, 2021.3.4, 2021.3.5, 2021.3.6, 2021.3.7, 2021.4.1, 2021.4.2, 2021.4.3, 2021.4.4, 2022.1.1, 2022.1.2, 2022.1.3, 2022.1.4, 2022.1.5, 2022.1.6, 2022.2.1, 2022.2.3, 2022.2.4, 2022.2.5, 2022.2.6, 2022.3.1, 2022.3.2, 2022.3.3, 2022.3.4, 2022.3.5, 2022.4.1, 2022.4.2, 2022.4.3, 2022.4.4, 2022.4.5, 2023.1.1, 2023.1.2, 2023.1.3, 2023.1.4, 2023.1.5, 2023.1.6, 2023.1.7, 2023.1.8, 2023.2.1, 2023.2.2, 2023.2.3, 2023.2.4, 2023.2.5, 2023.2.6, 2023.2.7, 2023.2.8, 2023.3.1, 2023.3.2, 2023.3.3, 2023.3.4, 2023.4.1, 2023.4.2, 2023.4.3, 2023.4.4, 2024.1.1
All unaffected versions: 2024.1.2, 2024.1.3, 2024.1.4, 2024.2.1, 2024.2.2, 2024.2.3, 2024.2.4, 2024.2.5, 2024.2.6, 2024.3.1, 2024.3.2, 2024.3.3, 2024.3.4, 2024.3.5, 2024.3.6, 2024.4.1, 2024.4.2, 2024.4.3, 2024.4.4