The following components are affected:
The JasperReports components listed above contain a vulnerability which may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks.
The impact of this vulnerability includes the possibility that a malicious user can gain access to a more privileged account.
CVSS v3 Base Score: 5.4 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions: