TIBCO EBX Cross-site Scripting (XXS) Vulnerability
CVE-2023-26222

8.7HIGH

Key Information:

Vendor: Tibco
Status: Tibco Ebx; Tibco Product And Service Catalog Powered By Tibco Ebx
Vendor: CVE Published:; 14 November 2023

What is CVE-2023-26222?

The Web Application component of TIBCO EBX and the TIBCO Product and Service Catalog is susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue allows low-privileged attackers with network access to inject malicious scripts, which can be executed by users accessing the affected applications. This vulnerability impacts versions of TIBCO EBX up to 5.9.22 and 6.0.13, as well as the TIBCO Product and Service Catalog versions up to 5.0.0, creating potential risks for data integrity and user security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TIBCO EBX 0 <= 5.9.22

TIBCO EBX 0 <= 6.0.13

TIBCO Product and Service Catalog powered by TIBCO EBX 0 <= 5.0.0

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Feb 20, 2023

JSON

Tibco

What is CVE-2023-26222?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.