TIBCO JasperReports Server vulnerable to Cross-Site Scripting Attacks
CVE-2024-3323

8.3HIGH

Key Information:

Vendor: Tibco
Status: Jasperreports Server
Vendor: CVE Published:; 17 April 2024

Summary

A Cross Site Scripting (XSS) vulnerability has been identified in the user interface request and response validation mechanisms of TIBCO JasperReports Server versions 8.0.4 and 8.2.0. This flaw permits an attacker to inject malicious executable scripts into the trusted application’s environment. Such exploitation can result in unauthorized access to the user's session by stealing their active session cookie. Users may be enticed to interact with a fraudulent link, which triggers the execution of malicious scripts within the context of the application, compromising their session security and potentially leading to further attacks or unauthorized data exposure.

Affected Version(s)

JasperReports Server 8.0 < 8.0.4

JasperReports Server 8.2 < 8.2.0

References

https://community.tibco.com/advisories/tibco-security-adv...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 4, 2024