CVE-2014-2542 — Cross-site Scripting in Messaging Appliance

CWE-79 — Cross-site Scripting CWE-59 — Link Following CWE-862 — Missing Authorization4 documents4 sources

Severity

4.3MEDIUMNVD

GHSA8.8

EPSS

0.3%

top 44.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Messaging Appliance Tibco Rendezvous Tibco Substantiation ES

Timeline

PublishedApr 8

Latest updateMay 24

Description

Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDtibco/rendezvous8.4.1+9

▶NVDtibco/messaging_appliance8.7.0

▶NVDtibco/substantiation_es2.8.0

🔴Vulnerability Details

GHSA

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins↗2022-05-24

▶

GHSA

GHSA-vg47-w4gh-x9wq: Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendez↗2022-05-17

▶

CVEList

CVE-2014-2542: Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendez↗2014-04-08

▶