Category: Patch
Priority: High
Status: New
Project:
Severity: Minor
Resolution: Open
Component:
Reproducibility: Not Attempted
Assigned to:
The search field is vulnerable to Reflected XSS attacks. You need to encourage a user to click on the trapped link below. However, it is not that easy, as the parameter "_flowExecutionKey" is user-context dependent and not predictable; creating such a functional URL that executes malevolent code will be hard, but not impossible, for a potential hacker to generate.
URL : /jasperserver/flow.html?_flowExecutionKey=e4s1&_eventId=search&text=testviohy%3cimg%20src%3da%20onerror%3dalert(1)%3ejr50xfz7ibg&mode=search
This vulnerability is also present on the "folderUri" parameter.
With this kind of vulnerability, hackers can, for example, take control of users' accounts, include hostile content or redirect users to a malevolent site.
v6.3.0
JasperReports Server
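An added example, not part of the original report or of JasperReports Server's code: a check that flags requests whose "text" or "folderUri" parameter carries markup after percent-decoding, together with the output encoding that renders the reported value inert. The function names and the two benign URLs are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the report names as reflected into the page.
WATCHED_PARAMS = ("text", "folderUri")
# Characters that let a reflected value leave a text or attribute context.
# A quote can also appear in a legitimate search term, so treat hits as leads.
MARKUP = re.compile(r"[<>\"']")


def flag_reflected_markup(url):
    """Return {param: decoded value} for watched parameters carrying markup."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    hits = {}
    for name in WATCHED_PARAMS:
        for value in query.get(name, []):  # parse_qs already percent-decodes
            if MARKUP.search(value):
                hits[name] = value
    return hits


def encode_for_html(value):
    """Output-encode a reflected value before it is written into HTML."""
    return html.escape(value, quote=True)


# The URL from the report, followed by two constructed benign requests.
REPORTED = ("/jasperserver/flow.html?_flowExecutionKey=e4s1&_eventId=search"
            "&text=testviohy%3cimg%20src%3da%20onerror%3dalert(1)%3ejr50xfz7ibg"
            "&mode=search")
BENIGN = [
    "/jasperserver/flow.html?_flowExecutionKey=e1s1&_eventId=search"
    "&text=sales%20report&mode=search",
    "/jasperserver/flow.html?_flowExecutionKey=e2s1&folderUri=%2Fpublic%2FSamples",
]

if __name__ == "__main__":
    for url in [REPORTED] + BENIGN:
        hits = flag_reflected_markup(url)
        for name, value in hits.items():
            print("FLAG", name, "->", encode_for_html(value))
        if not hits:
            print("ok  ", url)
```

Once encoded, the reported value is displayed as literal text, so the browser never parses the tag.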
1 Comment:
I believe this issue has been addressed in the latest JRS 6.4.2.