|Category:||Web application abuses|
|Title:||TIBCO JasperReports <= 7.1.1, 7.2.0, 7.5.0 HTML Injection Vulnerability|
|Summary:||TIBCO JasperReports is prone to an HTML injection vulnerability.|
JasperReports contains a vulnerability that allows an attacker to exploit
HTML injection to gain full control of a web interface containing the output of the report generator component
with the privileges of any user that views the affected report(s). The attacker can exploit this vulnerability
when other users view a maliciously generated report, where those reports use Fusion Charts and a data source
with contents controlled by the attacker.
An attacker could gain full control of the web interface displaying a
generated report. Since the TIBCO JasperReports Library is used to generate reports as a component of web
interfaces, the theoretical impact of this vulnerability is that the attacker can obtain the privileges of the
highest privileged owner that views a maliciously generated report.
TIBCO JasperReports Server 7.1.1 and prior, 7.2.0 and 7.5.0.
Update to version 7.1.3, 7.2.2, 7.5.1 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2020-9410
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|