Moderate severityNVD Advisory· Published Feb 5, 2024· Updated May 15, 2025

CVE-2024-24397

Description

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
stimulsoft-dashboards-jsnpm	< 2024.1.2	2024.1.2

Affected products

Stimulsoft GmbH/Stimulsoft Dashboard.JSdescription
ghsa-coords
pkg:npm/stimulsoft-dashboards-js
Range: < 2024.1.2

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-9cgf-pxwq-2cpwghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-24397ghsaADVISORY
stimulsoft.comghsaWEB
cloud-trustit.spp.at/s/Pi78FFazHamJQ5RghsaWEB
cves.at/posts/cve-2024-24397/writeupghsaWEB
cves.at/posts/cve-2024-24397/writeup/mitre

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000