Test ID: | 1.3.6.1.4.1.25623.1.0.144000 |
Category: | Web application abuses |
Title: | TIBCO JasperReports <= 7.1.1, 7.2.0, 7.5.0 HTML Injection Vulnerability |
Summary: | TIBCO JasperReports is prone to an HTML injection vulnerability. |
Description: |
Summary: TIBCO JasperReports is prone to an HTML injection vulnerability.
Vulnerability Insight: JasperReports contains a vulnerability that allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker.
Vulnerability Impact: An attacker could gain full control of the web interface displaying a generated report. Since the TIBCO JasperReports Library is used to generate reports as a component of web interfaces, the theoretical impact of this vulnerability is that the attacker can obtain the privileges of the highest privileged owner that views a maliciously generated report.
Affected Software/OS: TIBCO JasperReports Server 7.1.1 and prior, 7.2.0 and 7.5.0.
Solution: Update to version 7.1.3, 7.2.2, 7.5.1 or later.
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-9410
http://www.tibco.com/services/support/advisories
https://www.oracle.com/security-alerts/cpuoct2020.html |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |