[#10146] - JasperReports Server vulnerable to Reflected Cross Site Scripting

Category: Patch
Priority: High
Status: New
Project:
Severity: Minor
Resolution: Open
Component:
Reproducibility: Not Attempted
Assigned to: 0

The search field is vulnerable to Reflected XSS attacks. You need to encourage a user to click on the trapped link below. However, it is not that easy: the parameter "_flowExecutionKey" is user-context dependent and not predictable, so a functional URL that executes malevolent code will be hard, but not impossible, for a potential hacker to generate.
URL : /jasperserver/flow.html?_flowExecutionKey=e4s1&_eventId=search&text=testviohy%3cimg%20src%3da%20onerror%3dalert(1)%3ejr50xfz7ibg&mode=search

This vulnerability is also present on the "folderUri" parameter.

With this kind of vulnerability, hackers can, for example, take control of users' accounts, include hostile content or redirect users to a malevolent site.

Attachment: reflectedxss.png (240.4 KB)
v6.3.0
JasperReports Server
thomas.penne
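A detection sketch for the pattern reported above, added here as an example and not part of the original report or of JasperReports Server: it scans web access logs for requests to `flow.html` whose `text` or `folderUri` parameter decodes to HTML markup. The combined log format, the sample log lines and the function names are assumptions; only the first sample URL comes from the report.

```python
import re
from urllib.parse import parse_qs, urlsplit

FLOW_PATH = "/jasperserver/flow.html"    # path from the reported URL
WATCHED_PARAMS = ("text", "folderUri")   # parameters the report names

# Heuristic: an opening/closing tag or an inline event handler has no place
# in a search term or a repository folder path.
MARKUP = re.compile(r"<\s*[/!]?\s*[a-z]|\bon[a-z]+\s*=", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Nov/2017:05:40:11 +0000] "GET /jasperserver/flow.html?_flowExecutionKey=e4s1&_eventId=search&text=testviohy%3cimg%20src%3da%20onerror%3dalert(1)%3ejr50xfz7ibg&mode=search HTTP/1.1" 200 5120',
    '203.0.113.20 - - [24/Nov/2017:05:41:02 +0000] "GET /jasperserver/flow.html?_flowExecutionKey=e2s1&_eventId=search&text=quarterly%20sales&mode=search HTTP/1.1" 200 4312',
    '203.0.113.20 - - [24/Nov/2017:05:41:30 +0000] "GET /jasperserver/flow.html?_flowExecutionKey=e3s1&folderUri=%2Fpublic%2FSamples HTTP/1.1" 200 6044',
    '198.51.100.7 - - [24/Nov/2017:05:42:15 +0000] "GET /jasperserver/flow.html?_flowExecutionKey=e5s1&folderUri=%2Fpublic%3cimg%20src%3da%20onerror%3dalert(1)%3e HTTP/1.1" 200 6101',
]


def flagged_params(url):
    """Return {name: decoded value} for watched parameters that carry markup."""
    parts = urlsplit(url)
    if parts.path != FLOW_PATH:
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    return {
        name: value
        for name in WATCHED_PARAMS
        for value in query.get(name, [])
        if MARKUP.search(value)
    }


def scan(lines):
    """Return (line number, client address, flagged params) per suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = flagged_params(match.group(1)) if match else {}
        if hits:
            findings.append((number, line.split()[0], hits))
    return findings


if __name__ == "__main__":
    for number, client, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {client} -> {hits}")
```

The pattern is a heuristic for triage: a legitimate search term such as `one=two` also matches the event-handler branch, so treat hits as leads to review.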

1 Comment:

#1

I believe this issue has been addressed in the latest JRS 6.4.2.
