CVE-2024-3323Cross-site Scripting in Jasperreports Server

CWE-79Cross-site Scripting3 documents3 sources
Severity
8.3HIGHNVD
EPSS
0.1%
top 76.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tibco Jasperreports Server
Timeline
PublishedApr 17

Description

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:LExploitability: 1.7 | Impact: 6.0

Affected Packages1 packages

CVEListV5tibco/jasperreports_server8.08.0.4+1

🔴Vulnerability Details

2
GHSA
GHSA-55rx-qj7r-7rwp: Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 82024-04-17
CVEList
Reflected Cross Site Scripting (XSS) vulnerability2024-04-17
CVE-2024-3323 — Cross-site Scripting | cvebase