8.3
CVE-2024-3323
- EPSS 0.08%
- Veröffentlicht 17.04.2024 19:15:08
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security@tibco.com
- CVE-Watchlists
- Unerledigt
Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellertibco
≫
Produkt
jasperreports_server
Default Statusunknown
Version
8.0.4
Status
affected
Herstellertibco
≫
Produkt
jasperreports_server
Default Statusunknown
Version
8.2.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.236 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@tibco.com | 8.3 | 1.7 | 6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.