CVE-2022-41563 — Cross-site Scripting in Software INC Tibco Jasperreports Server

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

CNA9.0

EPSS

0.5%

top 35.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Jasperreports Server Tibco Software INC Tibco Jasperreports Server Developer Edition Tibco Software INC Tibco Jasperreports Server FOR AWS Marketplace +2 more

Timeline

PublishedDec 13

Latest updateDec 15

Description

The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_for_microsoft_azureunspecified — 8.0.2+1

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_developer_editionunspecified — 8.1.0

▶CVEListV5tibco_software_inc/tibco_jasperreports_server_for_aws_marketplaceunspecified — 8.0.2+1

▶CVEListV5tibco_software_inc/tibco_jasperreports_serverunspecified — 8.0.2+1

▶NVDtibco/jasperreports_server8.0.2+2

🔴Vulnerability Details

CVEList

TIBCO JasperReports Server Stored XSS Vulnerability↗2022-12-15

▶

OSV

CVE-2022-41563: The Dashboard component of TIBCO Software Inc↗2022-12-13

▶

GHSA

GHSA-2wj3-4hph-hjgw: The Dashboard component of TIBCO Software Inc↗2022-12-13

▶