Design/Logic Flaw

2023-02-2218:15:00

PRIOn knowledge base

www.prio-n.com

logic flaw

stored xss

tibco ebx

tibco product catalog

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.2%

JSON

The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below.

CPENameOperatorVersion
ebxge6.0.0
ebxlt6.0.12
ebxlt5.9.22
product_and_service_catalog_powered_by_tibco_ebxlt1.2.1

Name	Operator	Version
ebx	ge	6.0.0
ebx	lt	6.0.12
ebx	lt	5.9.22
product_and_service_catalog_powered_by_tibco_ebx	lt	1.2.1

References

www.tibco.com/services/support/advisories