Lucene search

Veracode Vulnerability DatabaseVERACODE:45375

HistoryFeb 06, 2024 - 1:17 p.m.

Stored Cross Site Scripting (XSS)

2024-02-0613:17:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

vulnerability

sanitization

stored payload

user interactions

properties

search bar

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

44.0%

JSON

stimulsoft-dashboards-js is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization for the ReportName field, which allows an attacker to create a stored XSS payload which remains active and is executed with specific user interactions, such as when a user clicks on the Properties or expands the search bar.

References

stimulsoft.com

cloud-trustit.spp.at/s/Pi78FFazHamJQ5R

cves.at/posts/cve-2024-24397/writeup/

github.com/advisories/GHSA-9cgf-pxwq-2cpw