CVE-2024-3323

Summary

Cross Site Scripting in

UI Request/Response Validation

in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact.

Affected Software

VendorProductVersion RangeStatus
TIBCOJasperReports Server8.0 < 8.0.4affected
TIBCOJasperReports Server8.2 < 8.2.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References