npm package
stimulsoft-dashboards-js
pkg:npm/stimulsoft-dashboards-js
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24398 | — | < 2024.1.3 | 2024.1.3 | Feb 6, 2024 | Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function. | ||
| CVE-2024-24397 | — | < 2024.1.2 | 2024.1.2 | Feb 5, 2024 | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field. | ||
| CVE-2024-24396 | — | < 2024.1.2 | 2024.1.2 | Feb 5, 2024 | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. |
- CVE-2024-24398Feb 6, 2024affected < 2024.1.3fixed 2024.1.3
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.
- CVE-2024-24397Feb 5, 2024affected < 2024.1.2fixed 2024.1.2
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.
- CVE-2024-24396Feb 5, 2024affected < 2024.1.2fixed 2024.1.2
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.