vulnrichment / Tibco / VULNRICHMENT:CVE-2024-3323
History: Apr 17, 2024 - 6:53 p.m.

CVE-2024-3323 Reflected Cross Site Scripting (XSS) vulnerability

2024-04-17 18:53:21
tibco
github.com
cve-2024-3323
cross site scripting
ui request/response validation
tibco jasperreports server

CVSS3: 8.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

AI Score: 7
Confidence: High

SSVC

Exploitation: none
Automatable: no
Technical Impact: partial

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows for the injection of malicious executable scripts into the code of a trusted application, which may lead to stealing the user's active session cookie via sending a malicious link and enticing the user to interact.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:tibco:jasperreports_server:8.0.4:*:*:*:*:*:*:*"
    ],
    "vendor": "tibco",
    "product": "jasperreports_server",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:tibco:jasperreports_server:8.2.0:*:*:*:*:*:*:*"
    ],
    "vendor": "tibco",
    "product": "jasperreports_server",
    "versions": [
      {
        "status": "affected",
        "version": "8.2.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]
