CVE-2018-18816 — Cross-site Scripting in Software INC Tibco Jasperreports Server

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA8.0

EPSS

0.2%

top 52.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Jasperreports Server Tibco Software INC Tibco Jasperreports Server Community Edition Tibco Software INC Tibco Jasperreports Server FOR Activematrix BPM +5 more

Timeline

PublishedMar 7

Latest updateMay 13

Description

The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Commu…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages8 packages

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_community_editionunspecified — 7.1.0

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_for_activematrix_bpmunspecified — 6.4.3

▶CVEListV5tibco_software_inc/tibco_jasperreports_serverunspecified — 6.3.4+5

▶NVDtibco/jasperreports_server6.3.4+7

▶CVEListV5tibco_software_inc/tibco_jaspersoft_for_aws_with_multi-tenancyunspecified — 7.1.0

🔴Vulnerability Details

GHSA

GHSA-5j9q-xwf2-gf7h: The repository component of TIBCO Software Inc↗2022-05-13

▶

CVEList

TIBCO JasperReports Persistent Cross Site Scripting Vulnerability↗2019-03-07

▶