CVE-2024-24396: 
JavaScript vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in Stimulsoft GmbH's Stimulsoft Dashboard.JS versions prior to v.2024.1.2. The vulnerability was discovered on January 10, 2024, and was assigned CVE-2024-24396. The issue affects the search bar component of the Dashboards application (CVE Details, Vulnerability Writeup).

The vulnerability is a reflected Cross-Site Scripting (XSS) issue that allows injection of arbitrary JavaScript code into the search bar, which gets executed when the search function is triggered. The vulnerability has been assigned a CVSS v3.1 score of 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N), indicating moderate severity with network attack vector and no authentication required (Vulnerability Writeup).

The vulnerability allows remote attackers to execute arbitrary code via a crafted payload to the search bar component. Since the product does not handle authentication on its own, the vulnerability can be exploited by unauthenticated users (Vulnerability Writeup).

The vulnerability has been fixed in Stimulsoft Dashboard.JS version 2024.1.3, which was released on January 19, 2024. Users are advised to upgrade to this version or later to mitigate the vulnerability (Vulnerability Writeup).