stimulsoft-dashboards-js@2021.3.6 vulnerabilities

Stimulsoft Dashboards.JS is a dashboards tool for Node.js

  • latest version

    2024.4.5

  • latest non vulnerable version

  • first published

    5 years ago

  • latest version published

    15 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the stimulsoft-dashboards-js package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Cross-site Scripting (XSS)

    stimulsoft-dashboards-js is a Stimulsoft Dashboards.JS is a dashboards tool for Node.js

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ReportName field. An attacker can execute arbitrary code by injecting a crafted payload.

    How to fix Cross-site Scripting (XSS)?

    Upgrade stimulsoft-dashboards-js to version 2024.1.3 or higher.

    <2024.1.3
    • H
    Path Traversal

    stimulsoft-dashboards-js is a Stimulsoft Dashboards.JS is a dashboards tool for Node.js

    Affected versions of this package are vulnerable to Path Traversal via the Save function. An attacker can execute arbitrary code by sending a crafted payload to the fileName parameter.

    How to fix Path Traversal?

    Upgrade stimulsoft-dashboards-js to version 2024.1.3 or higher.

    <2024.1.3
    • M
    Cross-site Scripting

    stimulsoft-dashboards-js is a Stimulsoft Dashboards.JS is a dashboards tool for Node.js

    Affected versions of this package are vulnerable to Cross-site Scripting via the search bar component. An attacker can execute arbitrary code by injecting a crafted payload.

    How to fix Cross-site Scripting?

    Upgrade stimulsoft-dashboards-js to version 2024.1.3 or higher.

    <2024.1.3