Stimulsoft Dashboard.JS Cross Site Scripting vulnerability

Severity:: Medium

Description

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.

Recommendation

Update the stimulsoft-dashboards-js package to the latest compatible version. Followings are version details:

Affected version(s): < 2024.1.2
Patched version(s): 2024.1.2

References

GHSA-9m6m-c64r-w4f4
cloud-trustit.spp.at
stimulsoft.com
cves.at
CVE-2024-24396
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Stimulsoft Dashboard.JS Cross Site Scripting vulnerability (GHSA-9cgf-pxwq-2cpw) - CVE-2024-24397
seajs Cross-site Scripting vulnerability - CVE-2024-51091
@urql/next Cross-site Scripting vulnerability - CVE-2024-24556
Stimulsoft Dashboard.JS directory traversal vulnerability - CVE-2024-24398

Tags:: npm; stimulsoft-dashboards-js

Anything's wrong? Let us know Last updated on February 14, 2024