TIBCO EBX Add-ons Cross Site Scripting (XSS) Vulnerability
CVE-2022-41566

8.7HIGH

Key Information:

Vendor: Tibco
Status: Tibco Ebx Add-ons
Vendor: CVE Published:; 22 February 2023

What is CVE-2022-41566?

The server component of TIBCO EBX Add-ons has a vulnerability that enables low privileged attackers with network access to execute stored Cross-Site Scripting (XSS) attacks on the vulnerable system. This flaw is particularly concerning in versions 5.6.0 and earlier, as it allows for unauthorized script execution, potentially compromising user data and overall system integrity. Mitigation involves updating to patched versions and implementing stringent security measures to prevent exploitation.

Affected Version(s)

TIBCO EBX Add-ons <= 5.6.0

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2023
Vulnerability Reserved
Sep 26, 2022

Tibco

What is CVE-2022-41566?

Affected Version(s)

References

CVSS V3.1

Timeline