CVE-2024-3323

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://community.tibco.com/advisories/tibco-security-advisory-april-9-2024-tibco-jasperreports-server-cve-2024-3323-r209/

Configurations

No configuration.

History

03 Jul 2024, 02:06

Type	Values Removed	Values Added
Summary		(es) Cross Site Scripting en la validación de solicitud/respuesta de UI en TIBCO JasperReports Server 8.0.4 y 8.2.0 permite la inyección de scripts ejecutables maliciosos en el código de una aplicación confiable que pueden llevar a robar la cookie de sesión activa del usuario mediante el envío de un enlace malicioso, incitando al usuario a interactuar.
CWE		CWE-79

17 Apr 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-17 19:15

Updated : 2024-07-03 02:06

NVD link : CVE-2024-3323

Mitre link : CVE-2024-3323

CVE.ORG link : CVE-2024-3323

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

8.3 /10