CVE-2021-23273Cross-site Scripting in Software INC Tibco Spotfire Analyst

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
CNA8.0
EPSS
0.3%
top 51.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Tibco Software INC Tibco Spotfire AnalystTibco Software INC Tibco Spotfire Analytics Platform FOR AWS MarketplaceTibco Software INC Tibco Spotfire Desktop+5 more
Timeline
PublishedMar 9
Latest updateMay 24

Description

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO So

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages8 packages

CVEListV5tibco_software_inc/tibco_spotfire_serverunspecified10.3.11+10
CVEListV5tibco_software_inc/tibco_spotfire_analystunspecified10.3.3+8
CVEListV5tibco_software_inc/tibco_spotfire_desktopunspecified10.3.3+8
NVDtibco/spotfire_server10.3.11+10

🔴Vulnerability Details

2
GHSA
GHSA-gp35-g437-wqxw: The Spotfire client component of TIBCO Software Inc2022-05-24
CVEList
TIBCO Spotfire Cross Site Scripting Vulnerability2021-03-09
CVE-2021-23273 — Cross-site Scripting | cvebase