Skip to main content

UI Request CVE-2024-3323

HIGH
Cross-site Scripting (XSS) (CWE-79)
2024-04-17 security@tibco.com
8.3
CVSS 3.1 · Vendor: tibco
Share

Severity by source

Vendor (tibco) PRIMARY
8.3 HIGH
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Primary rating from Vendor (tibco) · only source for this CVE.

CVSS VectorVendor: tibco

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 17, 2024 - 19:15 cve.org
HIGH 8.3

DescriptionCVE.org

Cross Site Scripting in

UI Request/Response Validation

in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact.

AnalysisAI

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact.

Affected ProductsAI

TIBCO JasperReports Server 8.0.4 and 8.2.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

Share

CVE-2024-3323 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy