MidnightBSD

Advisories for jasperforge

CVE-2011-1911 MEDIUM

JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
jasperforge jasperreports_server_community_project 3.7.0
jasperforge jasperreports_server_community_project 3.7.1