17 matches found
Directory traversal
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...
CVE-2024-24398
Stimulsoft Dashboard.JS contains a Directory Traversal vulnerability in the Save function’s fileName parameter, enabling remote arbitrary code execution. Affected versions include before 2024.1.2 (and variants noted in multiple advisories, e.g., before 2024.1.2/1.2 and before 2024.1.3 in separate...
CVE-2024-24398
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component...
Cross site scripting
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component...
GHSA-9CGF-PXWQ-2CPW Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...
CVE-2024-24397
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...
Cross site scripting
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...
CVE-2024-24396
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component...
CVE-2024-24397
Summary : CVE-2024-24397 affects Stimulsoft Dashboard.JS prior to 2024.1.2. The vulnerability is a Cross Site Scripting (XSS) flaw due to improper sanitization of the ReportName field, enabling a remote attacker to execute arbitrary code via a crafted payload. The commonly cited impact is client-...
CVE-2024-24397
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...
CVE-2024-24396
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component...
CVE-2023-25262
Stimulsoft GmbH Stimulsoft Designer Web 2023.1.3 is vulnerable to Server Side Request Forgery SSRF. TThe Reporting Designer Web offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather...
CVE-2023-25261
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...
Remote code execution
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...
CVE-2023-25261
CVE-2023-25261 affects Stimulsoft products: Desktop 2023.1.4; Web 2023.1.3 (Designer and Viewer). The issue enables Remote Code Execution by permitting unrestricted access to the local file system, allowing an attacker to read/write local directories/files and potentially render collected data vi...
CVE-2023-25261
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...