Eclipse: >> Business Intelligence And Reporting Tools >> 2.1.1 Security Vulnerabilities
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
CVSS Score
9.8
EPSS Score
0.071
Published
2021-06-25
In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-09