CVE-2023-26220 — Cross-site Scripting in Software INC Spotfire Analyst

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 70.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Spotfire Analyst Tibco Software INC Spotfire Server Tibco Spotfire Analyst +1 more

Timeline

PublishedOct 10

Latest updateOct 11

Description

The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5tibco_software_inc/spotfire_server11.4.11+16

▶CVEListV5tibco_software_inc/spotfire_analyst11.4.7+11

▶NVDtibco/spotfire_server11.4.11+16

▶NVDtibco/spotfire_analyst11.4.7+11

🔴Vulnerability Details

GHSA

GHSA-p4rg-7c2h-6cqp: The Spotfire Library component of TIBCO Software Inc↗2023-10-11

▶

CVEList

TIBCO Spotfire Stored Cross-site Scripting (XSS) vulnerability↗2023-10-10

▶