DI Lukas Hammer, BSc - Security Researcher - Exploit Intelligence Platform

CVE-2024-24396 NOMISEC MEDIUM WRITEUP

Stimulsoft Dashboard.js < 2024.1.2 - Code Injection

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.

CVSS 6.1

View Code

CVE-2024-24397 NOMISEC MEDIUM WRITEUP

Stimulsoft Dashboards.js < 2024.1.2 - XSS

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.

CVSS 5.4

View Code

CVE-2024-24398 NOMISEC CRITICAL WRITEUP

Stimulsoft Dashboards.php < 2024.1.2 - Path Traversal

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.

CVSS 9.8

View Code