DI Lukas Hammer, BSc - Security Researcher - Exploit Intelligence Platform

CVE-2024-24396 NOMISEC MEDIUM WRITEUP

Stimulsoft Dashboard.JS < 2024.1.2 - Remote Code Execution via Search Bar Component

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.

CVSS 6.1

View Code

CVE-2024-24397 NOMISEC MEDIUM WRITEUP

stimulsoft dashboards.js < 2024.1.2 - Cross-Site Scripting via ReportName Field

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.

CVSS 5.4

View Code

CVE-2024-24398 NOMISEC CRITICAL WRITEUP

Stimulsoft Dashboard.JS < 2024.1.2 - Path Traversal via Save Function FileName Parameter

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.

CVSS 9.8

View Code