CVE-2024-24397
- Source
- https://cve.org/CVERecord?id=CVE-2024-24397
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24397.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-24397
- Aliases
- Published
- 2024-02-05T16:15:55.493Z
- Modified
- 2025-11-15T09:56:21.964791Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.
- References
Affected packages
Git / github.com/stimulsoft/dashboards.js
Affected ranges
- Type
- GIT
- Repo
- https://github.com/stimulsoft/dashboards.js
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2019.*
2019.2.2
2019.2.3
2019.3.1
2019.3.2
2019.3.3
2019.3.4
2019.3.5
2019.3.6
2019.4.2
2020.*
2020.2.1
2020.2.2
2020.4.1
2020.4.2
2020.5.1
2021.*
2021.1.1
2021.2.1
2021.2.2
2021.2.3
2021.3.1
v2021.*
v2021.3.3
v2021.3.5
v2021.3.6
v2021.3.7
v2021.4.1
v2021.4.2
v2021.4.3
v2022.*
v2022.1.1
v2022.1.3
v2022.1.4
v2022.1.5
v2022.1.6
v2022.2.1
v2022.2.2
v2022.2.3
v2022.2.4
v2022.2.5
v2022.2.6
v2022.3.1
v2022.3.2
v2022.3.3
v2022.3.4
v2022.3.5
v2022.4.1
v2022.4.2
v2022.4.3
v2022.4.4
v2022.4.5
v2023.*
v2023.1.1
v2023.1.2
v2023.1.3
v2023.1.4
v2023.1.5
v2023.1.6
v2023.1.7
v2023.1.8
v2023.2.1
v2023.2.2
v2023.2.3
v2023.2.4
v2023.2.6
v2023.2.7
v2023.2.8
v2023.3.1
v2023.3.2
v2023.3.3
v2023.3.4
v2023.4.1
v2023.4.2
v2023.4.3
v2023.4.4
v2024.*
v2024.1.1