Lucene search
+L

17 matches found

Prion
Prion
added 2024/02/06 12:15 a.m.16 views

Directory traversal

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

7.5CVSS8.1AI score0.02007EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/02/06 12:0 a.m.63 views

CVE-2024-24398

Stimulsoft Dashboard.JS contains a Directory Traversal vulnerability in the Save function’s fileName parameter, enabling remote arbitrary code execution. Affected versions include before 2024.1.2 (and variants noted in multiple advisories, e.g., before 2024.1.2/1.2 and before 2024.1.3 in separate...

9.8CVSS9.5AI score0.02007EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/02/06 12:0 a.m.37 views

CVE-2024-24398

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function...

9.8AI score0.02007EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/02/05 9:30 p.m.20 views

Stimulsoft Dashboard.JS Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component...

6.1CVSS7.2AI score0.00822EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2024/02/05 7:15 p.m.14 views

Cross site scripting

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component...

5.8CVSS7.5AI score0.00822EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/02/05 6:31 p.m.54 views

GHSA-9CGF-PXWQ-2CPW Stimulsoft Dashboard.JS Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...

5.4CVSS5.6AI score0.00753EPSS
Exploits1References5
NVD
NVD
added 2024/02/05 4:15 p.m.31 views

CVE-2024-24397

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...

5.4CVSS5.7AI score0.00753EPSS
Exploits1References2
Prion
Prion
added 2024/02/05 4:15 p.m.20 views

Cross site scripting

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...

4.9CVSS7.5AI score0.00753EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/02/05 12:0 a.m.21 views

CVE-2024-24396

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component...

6.5AI score0.00822EPSS
Exploits1References2
CVE
CVE
added 2024/02/05 12:0 a.m.60 views

CVE-2024-24397

Summary : CVE-2024-24397 affects Stimulsoft Dashboard.JS prior to 2024.1.2. The vulnerability is a Cross Site Scripting (XSS) flaw due to improper sanitization of the ReportName field, enabling a remote attacker to execute arbitrary code via a crafted payload. The commonly cited impact is client-...

5.4CVSS5.7AI score0.00753EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/02/05 12:0 a.m.45 views

CVE-2024-24397

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...

5.9AI score0.00753EPSS
Exploits1References2
OSV
OSV
added 2024/02/05 12:0 a.m.31 views

CVE-2024-24396

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component...

6.1CVSS6.4AI score0.00822EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/03/28 12:0 a.m.31 views

CVE-2023-25262

Stimulsoft GmbH Stimulsoft Designer Web 2023.1.3 is vulnerable to Server Side Request Forgery SSRF. TThe Reporting Designer Web offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather...

7.8AI score0.00892EPSS
Exploits1References2
NVD
NVD
added 2023/03/27 9:15 p.m.26 views

CVE-2023-25261

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...

9.8CVSS9.5AI score0.01887EPSS
Exploits0References2
Prion
Prion
added 2023/03/27 9:15 p.m.21 views

Remote code execution

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...

7.5CVSS9.3AI score0.01887EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2023/03/27 12:0 a.m.52 views

CVE-2023-25261

CVE-2023-25261 affects Stimulsoft products: Desktop 2023.1.4; Web 2023.1.3 (Designer and Viewer). The issue enables Remote Code Execution by permitting unrestricted access to the local file system, allowing an attacker to read/write local directories/files and potentially render collected data vi...

9.8CVSS9.3AI score0.01887EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2023/03/27 12:0 a.m.36 views

CVE-2023-25261

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...

9.7AI score0.01887EPSS
Exploits0References2
Rows per page
Query Builder