Cross-site scripting (XSS)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| secure@citrix.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cloud | citrix_storefront | 1912 |
| cloud | citrix_storefront | * |
Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cloud | jasperreports_server | 8.2.0 |
| cloud | jasperreports_server | * |
| cloud | jasperreports_server | 9.0.0 |
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cloud | jasperreports_studio | * |
| cloud | jasperreports_web_studio | * |
| cloud | jasperreports_server | * |
| cloud | jasperreports_io | * |
| cloud | jasperreports_library | * |