CVE-2024-24397

描述

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.

受影響套件(1)

• npm/stimulsoft-dashboards-jsfrom 0, < 2024.1.2

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-24397
• PATCHhttps://github.com/stimulsoft/Dashboards.JS
• WEBhttps://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R
• WEBhttps://cves.at/posts/cve-2024-24397/writeup
• WEBhttp://stimulsoft.com