Title: Cross-site Scripting (XSS) vulnerabilities in TIBCO Nimbus
CVE ID: CVE-2023-26218
CVSSv3 Base Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Vendor: TIBCO
Products: TIBCO Nimbus
Advisory Release Date: 27-09-2023
Advisory URL: https://labs.integrity.pt/advisories/cve-2023-26218
Credits: Discovery by Pedro Miguel Ferreira <pedro.miguel.ferreira[at]devoteam.com>
TIBCO Nimbus is affected by several Cross-site Scripting (XSS) vulnerabilities that allow a low-privileged attacker to social engineer a legitimate user with network access into executing scripts targeting the affected system or the victim's local system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker.
Affected Versions: TIBCO Nimbus versions 10.6.0 and below.
TIBCO has released updated versions of the affected systems which address this issue: