Critical severityNVD Advisory· Published Feb 6, 2024· Updated May 15, 2025

CVE-2024-24398

Description

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
stimulsoft-dashboards-jsnpm	< 2024.1.3	2024.1.3

Affected products

Stimulsoft GmbH/Stimulsoft Dashboard.JSdescription
ghsa-coords
pkg:npm/stimulsoft-dashboards-js
Range: < 2024.1.3

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-gfqf-9w98-7jmxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-24398ghsaADVISORY
stimulsoft.comghsaWEB
cloud-trustit.spp.at/s/Pi78FFazHamJQ5RghsaWEB
cves.at/posts/cve-2024-24398/writeupghsaWEB
cves.at/posts/cve-2024-24398/writeup/mitre

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000