Description
Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.tibco.com/services/support/advisories/default.jsp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025999
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45864
Vendor Advisory x_refsource_confirm
http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt
Scores
EPSS
0.0028
EPSS Percentile
51.2%
Details
CWE
CWE-79
Status
published
Products (8)
tibco/spotfire_analytics_server
10.0.0
tibco/spotfire_analytics_server
< 10.0.1
tibco/spotfire_server
3.0.0
tibco/spotfire_server
3.0.1
tibco/spotfire_server
3.1.0
tibco/spotfire_server
3.1.1
tibco/spotfire_server
3.2.0
tibco/spotfire_server
3.3.0
Published
Sep 02, 2011
Tracked Since
Feb 18, 2026