TIBCO JasperReports Server vulnerable to Cross-Site Scripting Attacks
CVE-2024-3323
8.3 HIGH
What is CVE-2024-3323?
A Cross-Site Scripting (XSS) vulnerability has been identified in the user interface request and response validation mechanisms of TIBCO JasperReports Server versions 8.0.4 and 8.2.0. This flaw permits an attacker to inject malicious executable scripts into the trusted application's environment. Such exploitation can result in unauthorized access to the user's session by stealing their active session cookie. Users may be enticed to interact with a fraudulent link, which triggers the execution of malicious scripts within the context of the application, compromising their session security and potentially leading to further attacks or unauthorized data exposure.
Affected Version(s)
JasperReports Server 8.0 < 8.0.4
JasperReports Server 8.2 < 8.2.0