CVE-2018-5431Cross-site Scripting in Software INC Tibco Jasperreports Server

CWE-79Cross-site Scripting6 documents5 sources
Severity
5.4MEDIUMNVD
CNA6.3
EPSS
0.3%
top 51.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Tibco Software INC Tibco Jasperreports ServerTibco Software INC Tibco Jasperreports Server Community EditionTibco Software INC Tibco Jasperreports Server FOR Activematrix BPM+5 more
Timeline
PublishedApr 17
Latest updateMay 13

Description

The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: v

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages8 packages

CVEListV5tibco_software_inc/tibco_jasperreports_serverunspecified6.2.4+5

🔴Vulnerability Details

3
GHSA
GHSA-h4j5-2v82-4354: The domain designer component of TIBCO Software Inc2022-05-13
OSV
CVE-2018-5431: The domain designer component of TIBCO Software Inc2018-04-17
CVEList
TIBCO JasperReports Server Cross Site Scripting Vulnerability2018-04-17

💬Community

2
Bugzilla
CVE-2018-5431 jasperreports: persisted cross-site scripting (XSS) in the context of a non-default permissions configuration2018-04-23
Bugzilla
CVE-2018-5429 CVE-2018-5430 CVE-2018-5431 jasperreports: various flaws [fedora-all]2018-04-23
CVE-2018-5431 — Cross-site Scripting | cvebase