Products | Versions |
---|---|
TIBCO Administrator | - |
Not Applicable | - |
Description:
TIBCO Administrator 5.3.0 hotfix 2 has been released.
You can download this hotfix from the TIBCO Product Support FTP server using your eSupport username and password, at
ftp://support-ftp.tibco.com
Once you have successfully logged into the server, you will find the hotfix packages under
available_downloads/ActiveEnterprise/TIBCOAdministrator/5.3.0/hotfix-2/
Listed below is a summary of updates included. Please refer to the associated readme document for any additional information.
======================================================================
Issues Closed in 5.3.0-hotfix2 (This release)
1-7B92Y3 TIBCO Administrator
A cross-site scripting (XSS) vulnerability existed in the display of
userids, roles, applications and folders: script values embedded in
their names, descriptions or contact fields would run when pages
showing those values were displayed.
All of these cases, in which one user could use the vulnerability to
attack another, have been fixed by escaping the appropriate strings.
Additionally, on the login page, if a userid was entered (either
directly or by embedding it in the URL used to access the page)
that included JavaScript, the script would be executed when the
login failure warning was displayed.
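The class of fix described above, output-escaping values before they are written into a page, is sketched below as an added example. It is not TIBCO Administrator code: the function names, the `userid` query parameter name, the markup and the sample values are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample inputs (hypothetical; not taken from the product).
SAMPLE_LOGIN_URL = (
    "https://admin.example.invalid/login"
    "?userid=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
)
SAMPLE_ROLE = {
    "name": "ops<script>alert(1)</script>",
    "description": 'On-call "tier 1" & backups',
    "contact": "ops@example.invalid",
}


def userid_from_url(url):
    """Return the URL-decoded userid query parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get("userid", [""])[0]


def login_warning_unescaped(userid):
    """'Before' behaviour: the value is concatenated into markup as-is."""
    return "<p class='warn'>Login failed for user " + userid + "</p>"


def login_warning(userid):
    """'After' behaviour: the value is HTML-escaped at the point of output."""
    safe = html.escape(userid, quote=True)
    return "<p class='warn'>Login failed for user " + safe + "</p>"


def role_row(role):
    """Render stored name/description/contact fields with every value escaped.

    quote=True also escapes " and ', which matters for the title attribute.
    """
    name = html.escape(str(role.get("name", "")), quote=True)
    cells = "".join(
        "<td>" + html.escape(str(role.get(key, "")), quote=True) + "</td>"
        for key in ("name", "description", "contact")
    )
    return '<tr title="' + name + '">' + cells + "</tr>"


if __name__ == "__main__":
    uid = userid_from_url(SAMPLE_LOGIN_URL)
    print(login_warning_unescaped(uid))  # markup survives intact
    print(login_warning(uid))            # markup rendered as inert text
    print(role_row(SAMPLE_ROLE))
```

Escaping at output time covers both cases in this entry: values stored by one user and shown to another, and a userid echoed back from the request.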
======================================================================
Issues Closed in 5.3.0-hotfix1
1-6VYQ5J TIBCO Administrator
Administrator did not correctly update the database password for an
application domain. As a result, the application domain would cease
to function and there would be no way to recover if the database
password was changed. This has been fixed.
======================================================================