CVE-2022-41562: 
TIBCO JasperReports Server vulnerability analysis and mitigation

CVE-2022-41562 is a cross-site scripting (XSS) vulnerability discovered in the HTML escaping component of TIBCO JasperReports Server and its various editions (Community, Developer, AWS Marketplace, and Microsoft Azure versions). The vulnerability affects versions 8.0.2 and below, as well as version 8.1.0 across all editions (CVE List).

The vulnerability allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful exploitation requires human interaction from a person other than the attacker. The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially allow attackers to execute malicious scripts in the context of the affected application, potentially leading to unauthorized access to sensitive information, session hijacking, or other malicious activities that could compromise the security of the system and its users (CVE List).

TIBCO has released security updates to address this vulnerability. Users are advised to upgrade to the latest version of the affected products. The vulnerability affects multiple editions of JasperReports Server, including the standard, Community, Developer, AWS Marketplace, and Microsoft Azure versions (TIBCO Advisory).