cbcvebase.
CVE-2014-2542
published 2014-04-08

CVE-2014-2542: Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous…

PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.79%
75.6th percentile
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected

12 ranges
VendorProductVersion rangeFixed in
tibcomessaging_appliance<= 8.7.0
tibcorendezvous<= 8.4.1
tibcorendezvous
tibcorendezvous
tibcorendezvous
tibcorendezvous
tibcorendezvous
tibcorendezvous
tibcorendezvous
tibcorendezvous
tibcorendezvous
tibcosubstantiation_es<= 2.8.0

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.