
Test ID: 1.3.6.1.4.1.25623.1.0.144000
Category: Web application abuses
Title: TIBCO JasperReports <= 7.1.1, 7.2.0, 7.5.0 HTML Injection Vulnerability
Summary: TIBCO JasperReports is prone to an HTML injection vulnerability.
Description:

Summary:
TIBCO JasperReports is prone to an HTML injection vulnerability.

Vulnerability Insight:
JasperReports contains a vulnerability that allows an attacker to exploit
HTML injection to gain full control of a web interface containing the output of the report generator component
with the privileges of any user that views the affected report(s). The attacker can exploit this vulnerability
when other users view a maliciously generated report, where those reports use Fusion Charts and a data source
with contents controlled by the attacker.

Vulnerability Impact:
An attacker could gain full control of the web interface displaying a
generated report. Since the TIBCO JasperReports Library is used to generate reports as a component of web
interfaces, the theoretical impact of this vulnerability is that the attacker can obtain the privileges of the
highest privileged owner that views a maliciously generated report.

Affected Software/OS:
TIBCO JasperReports Server 7.1.1 and prior, 7.2.0 and 7.5.0.

Solution:
Update to version 7.1.3, 7.2.2, 7.5.1 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-9410
http://www.tibco.com/services/support/advisories
https://www.oracle.com/security-alerts/cpuoct2020.html
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
