5.4
CVE-2023-26220
- EPSS 0.11%
- Published 10.10.2023 23:15:09
- Last modified 21.11.2024 07:50:56
- Source security@tibco.com
- Teams watchlist Login
- Open Login
The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.
Data is provided by the National Vulnerability Database (NVD)
Tibco ≫ Spotfire Analyst Version <= 11.4.7
Tibco ≫ Spotfire Analyst Version11.5.0
Tibco ≫ Spotfire Analyst Version11.6.0
Tibco ≫ Spotfire Analyst Version11.7.0
Tibco ≫ Spotfire Analyst Version11.8.0
Tibco ≫ Spotfire Analyst Version12.0.0
Tibco ≫ Spotfire Analyst Version12.0.1
Tibco ≫ Spotfire Analyst Version12.0.2
Tibco ≫ Spotfire Analyst Version12.0.3
Tibco ≫ Spotfire Analyst Version12.0.4
Tibco ≫ Spotfire Analyst Version12.1.0
Tibco ≫ Spotfire Analyst Version12.1.1
Tibco ≫ Spotfire Server Version <= 11.4.11
Tibco ≫ Spotfire Server Version11.5.0
Tibco ≫ Spotfire Server Version11.6.0
Tibco ≫ Spotfire Server Version11.6.1
Tibco ≫ Spotfire Server Version11.6.2
Tibco ≫ Spotfire Server Version11.6.3
Tibco ≫ Spotfire Server Version11.7.0
Tibco ≫ Spotfire Server Version11.8.0
Tibco ≫ Spotfire Server Version11.8.1
Tibco ≫ Spotfire Server Version12.0.0
Tibco ≫ Spotfire Server Version12.0.1
Tibco ≫ Spotfire Server Version12.0.2
Tibco ≫ Spotfire Server Version12.0.3
Tibco ≫ Spotfire Server Version12.0.4
Tibco ≫ Spotfire Server Version12.0.5
Tibco ≫ Spotfire Server Version12.1.0
Tibco ≫ Spotfire Server Version12.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.308 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| security@tibco.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.