CVE-2024-3323

{"id": "CVE-2024-3323", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.7}]}, "published": "2024-04-17T19:15:08.177", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-april-9-2024-tibco-jasperreports-server-cve-2024-3323-r209/", "source": "[email protected]"}, {"url": "https://community.tibco.com/advisories/tibco-security-advisory-april-9-2024-tibco-jasperreports-server-cve-2024-3323-r209/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting in \n\nUI Request/Response Validation\n\n in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie\u00a0via sending malicious link, enticing the user to interact."}, {"lang": "es", "value": "Cross Site Scripting en la validaci\u00f3n de solicitud/respuesta de UI en TIBCO JasperReports Server 8.0.4 y 8.2.0 permite la inyecci\u00f3n de scripts ejecutables maliciosos en el c\u00f3digo de una aplicaci\u00f3n confiable que pueden llevar a robar la cookie de sesi\u00f3n activa del usuario mediante el env\u00edo de un enlace malicioso, incitando al usuario a interactuar."}], "lastModified": "2024-11-21T09:29:23.787", "sourceIdentifier": "[email protected]"}