DI Lukas Hammer, BSc

3 exploits Active since Feb 2024
CVE-2024-24396 NOMISEC MEDIUM WRITEUP
Stimulsoft Dashboard.JS < 2024.1.2 - Remote Code Execution via Search Bar Component
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.
CVSS 6.1
CVE-2024-24397 NOMISEC MEDIUM WRITEUP
stimulsoft dashboards.js < 2024.1.2 - Cross-Site Scripting via ReportName Field
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.
CVSS 5.4
CVE-2024-24398 NOMISEC CRITICAL WRITEUP
Stimulsoft Dashboard.JS < 2024.1.2 - Path Traversal via Save Function FileName Parameter
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.
CVSS 9.8