CVE-2020-9410: Cross-site Scripting in Software INC Tibco Jasperreports Library

Severity
8.8 HIGH (NVD)
CNA: 7.3
EPSS
0.9%
top 24.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 20
Latest update: May 24

Description

The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affec

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 8 packages

Patches

🔴 Vulnerability Details (2)
GHSA
GHSA-jcfp-678f-37q2: The report generator component of TIBCO Software Inc (2022-05-24)
CVEList
TIBCO JasperReports Library (2020-05-20)

📋 Vendor Advisories (1)
Oracle
Oracle Oracle Retail Applications Risk Matrix: Order Broker Foundation (jasperreports_server) — CVE-2020-9410 (2020-10-15)