CVE-2011-3423

TIBCO - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (7)

[Various Sources] http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt

[Various Sources] http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/69806

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/49619

[Third Party Advisory, VDB Entry] http://www.osvdb.org/75396

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1026051

[Third Party Advisory] http://secunia.com/advisories/45976

Scores

EPSS 0.0047

EPSS Percentile 64.6%

Classification

CWE

CWE-79

Status published

Affected Products (10)

tibco/managed_file_transfer_command_center < 7.1.0

tibco/managed_file_transfer_command_center

tibco/managed_file_transfer_command_center

tibco/managed_file_transfer_command_center

tibco/managed_file_transfer_internet_server < 7.1.0

tibco/managed_file_transfer_internet_server

tibco/managed_file_transfer_internet_server

tibco/managed_file_transfer_internet_server

tibco/slingshot < 1.8.0

n/a/n/a

Timeline

Published Sep 19, 2011

Tracked Since Feb 18, 2026