PT-2024-25165 · Tibco · Tibco Jasperreports Server
Published 2024-04-17 · Updated 2024-07-03 · CVE-2024-3323
CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
TIBCO JasperReports Server versions 8.0.4 through 8.2.0
Description
The issue is a cross-site scripting (XSS) flaw in the UI Request/Response Validation component of the affected software. An attacker who already holds a high-privileged account on the server (PR:H in the vector) can inject malicious executable scripts into the pages served by the trusted application. When another user is enticed to interact with a crafted link, the injected script runs in that user's browser with the application's origin and can steal the user's active session cookie or otherwise act within that session.
Recommendations
For versions 8.0.4 through 8.2.0, upgrade to a release that contains the vendor's fix for this issue. This entry does not name the fixed release, so consult TIBCO's release notes for the build that references CVE-2024-3323.
Until the upgrade is applied, brief users of the server to treat links to it that arrive from outside the organisation as untrusted, since exploitation requires a user to interact with a crafted link. Note that an HttpOnly flag on the session cookie limits cookie theft by injected script but does not stop that script from issuing requests inside the victim's session; it is a mitigation, not a fix.
Fix
XSS
Affected Products
Tibco Jasperreports Server