Products | Versions |
---|---|
TIBCO PartnerExpress | 6.2.1 |
TIBCO PartnerExpress Cross Site Scripting vulnerabilities
Original release date: November 16, 2021
Last revised: ---
Source: TIBCO Software Inc.
Description
The components listed above contain easily exploitable Stored and Reflected
Cross Site Scripting (XSS) vulnerabilities that allow a low privileged
attacker to social engineer a legitimate user with network access to execute
scripts targeting the affected system or the victim's local system. A
successful attack using this vulnerability requires human interaction from a
person other than the attacker.
Impact
In the worst case, if the victim is a privileged administrator, successful
execution of these vulnerabilities can result in an attacker gaining full
administrative access to the affected system or the victim's local system.
CVSS v3 Base Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)