CVE-2014-2542
Published 2014-04-08
Priority P4 · 19 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS 1.79% (75.6th percentile)
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tibco | messaging_appliance | <= 8.7.0 | — |
| tibco | rendezvous | <= 8.4.1 | — |
| tibco | rendezvous | — | — |
| tibco | rendezvous | — | — |
| tibco | rendezvous | — | — |
| tibco | rendezvous | — | — |
| tibco | rendezvous | — | — |
| tibco | rendezvous | — | — |
| tibco | rendezvous | — | — |
| tibco | rendezvous | — | — |
| tibco | rendezvous | — | — |
| tibco | substantiation_es | <= 2.8.0 | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa · 8.8 · HIGH
VulDB
TIBCO Rendezvous up to 8.10 cross site scripting (ID 122092 / XFDB-92601)
vuldb·2026-05-10·CVSS 4.3
CVE-2014-2542 [MEDIUM] TIBCO Rendezvous up to 8.10 cross site scripting (ID 122092 / XFDB-92601)
A vulnerability, which was classified as problematic, has been found in TIBCO Rendezvous up to 8.10. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2014-2542. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
GHSA
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
ghsa·2022-05-24·CVSS 8.8
CVE-2021-21695 [HIGH] CWE-59 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes.
Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary files on the Jenkins controller file system, and obtain some information about Jenkins controller file systems.
SECURITY-2542 / CVE-2021-21695: `FilePath#listFiles` lists files outside directories with agent read access when following symbolic links.
We expect that most of these vulnerabilities have been present since [SECURITY-144 was addressed in the 2014-10-30 security advisory](https://www
GHSA
GHSA-vg47-w4gh-x9wq: Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendez
ghsa_unreviewed·2022-05-17
CVE-2014-2542 [MEDIUM] CWE-79 GHSA-vg47-w4gh-x9wq: Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendez
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/101873
http://www.securityfocus.com/bid/66737
http://www.securitytracker.com/id/1030070
http://www.tibco.com/mk/advisory.jsp
http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt
Published: 2014-04-08