CVE-2024-24396

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-24396

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24396.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24396

Aliases

GHSA-9m6m-c64r-w4f4

Published

2024-02-05T19:15:08.557Z

Modified

2026-03-14T12:29:03.183091Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.

References

Affected packages

Git / github.com/stimulsoft/dashboards.js

Affected ranges

Type

GIT

Repo

https://github.com/stimulsoft/dashboards.js

Events

Introduced

Fixed

6143388768123b1d7b8563b52f83ec104f4f0bef

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2024.1.2"
        }
    ]
}

Affected versions

2019.*

2019.2.2

2019.2.3

2019.3.1

2019.3.2

2019.3.3

2019.3.4

2019.3.5

2019.3.6

2019.4.2

2020.*

2020.2.1

2020.2.2

2020.4.1

2020.4.2

2020.5.1

2021.*

2021.1.1

2021.2.1

2021.2.2

2021.2.3

2021.3.1

v2021.*

v2021.3.3

v2021.3.5

v2021.3.6

v2021.3.7

v2021.4.1

v2021.4.2

v2021.4.3

v2022.*

v2022.1.1

v2022.1.3

v2022.1.4

v2022.1.5

v2022.1.6

v2022.2.1

v2022.2.2

v2022.2.3

v2022.2.4

v2022.2.5

v2022.2.6

v2022.3.1

v2022.3.2

v2022.3.3

v2022.3.4

v2022.3.5

v2022.4.1

v2022.4.2

v2022.4.3

v2022.4.4

v2022.4.5

v2023.*

v2023.1.1

v2023.1.2

v2023.1.3

v2023.1.4

v2023.1.5

v2023.1.6

v2023.1.7

v2023.1.8

v2023.2.1

v2023.2.2

v2023.2.3

v2023.2.4

v2023.2.6

v2023.2.7

v2023.2.8

v2023.3.1

v2023.3.2

v2023.3.3

v2023.3.4

v2023.4.1

v2023.4.2

v2023.4.3

v2023.4.4

v2024.*

v2024.1.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24396.json"