MidnightBSD

Advisories for cloud

CVE-2023-5914

  Cross-site scripting (XSS)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
secure@citrix.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
cloud citrix_storefront 1912
cloud citrix_storefront *
CVE-2024-3325

Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.

Products Affected

Vendor Product Version
cloud jasperreports_server 8.2.0
cloud jasperreports_server *
cloud jasperreports_server 9.0.0
CVE-2025-10492

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
cloud jasperreports_studio *
cloud jasperreports_web_studio *
cloud jasperreports_server *
cloud jasperreports_io *
cloud jasperreports_library *