TIBCO EBX Add-ons Stored XSS vulnerability
Original release date: September 21, 2022
Source: TIBCOSoftware Inc.
TIBCO EBX Add-ons versions 5.4.1 and below
The following component is affected:
* Web Server
The component listed above contains an easily exploitable vulnerability that
allows a low privileged attacker with network access to execute Stored Cross
Site Scripting (XSS) on the affected system. A successful attack using this
vulnerability requires human interaction from a person other than the
Successful execution of these vulnerabilities will result in an attacker being
able to execute commands with the privileges of the affected user.
CVSS v3.1 Base Score: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
TIBCO has released updated versions of the affected systems which address this
TIBCO EBX Add-ons versions 5.4.1 and below: update to version 5.4.2 or later