Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.144000
Category:Web application abuses
Title:TIBCO JasperReports <= 7.1.1, 7.2.0, 7.5.0 HTML Injection Vulnerability
Summary:TIBCO JasperReports is prone to an HTML injection vulnerability.
Description:Summary:
TIBCO JasperReports is prone to an HTML injection vulnerability.

Vulnerability Insight:
JasperReorts contains a vulnerability that allows an attacker to exploit
HTML injection to gain full control of a web interface containing the output of the report generator component
with the privileges of any user that views the affected report(s). The attacker can exploit this vulnerability
when other users view a maliciously generated report, where those reports use Fusion Charts and a data source
with contents controlled by the attacker.

Vulnerability Impact:
An attacker could gain full control of the web interface displaying a
generated report. Since the TIBCO JasperReports Library is used to generate reports as a component of web
interfaces, the theoretical impact of this vulnerability is that the attacker can obtain the privileges of the
highest privileged owner that views a maliciously generated report.

Affected Software/OS:
TIBCO JasperReports Server 7.1.1 and prior, 7.2.0 and 7.5.0.

Solution:
Update to version 7.1.3, 7.2.2, 7.5.1 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-9410
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.