TIBCO EBX Cross-site Scripting (XXS) Vulnerability
CVE-2023-26222

8.7HIGH

Key Information:

Vendor: Tibco
Status: Tibco Ebx; Tibco Product And Service Catalog Powered By Tibco Ebx
Vendor: CVE Published:; 14 November 2023

Summary

The Web Application component of TIBCO EBX and the TIBCO Product and Service Catalog is susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue allows low-privileged attackers with network access to inject malicious scripts, which can be executed by users accessing the affected applications. This vulnerability impacts versions of TIBCO EBX up to 5.9.22 and 6.0.13, as well as the TIBCO Product and Service Catalog versions up to 5.0.0, creating potential risks for data integrity and user security.

Affected Version(s)

TIBCO EBX 0 <= 5.9.22

TIBCO EBX 0 <= 6.0.13

TIBCO Product and Service Catalog powered by TIBCO EBX 0 <= 5.0.0

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Feb 20, 2023