Description
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66737
Vendor Advisory x_refsource_confirm
http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt
Vendor Advisory x_refsource_confirm
http://www.tibco.com/mk/advisory.jsp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030070
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101873
Scores
EPSS
0.0032
EPSS Percentile
55.1%
Details
CWE
CWE-79
Status
published
Products (12)
tibco/messaging_appliance
< 8.7.0
tibco/rendezvous
7.4.11
tibco/rendezvous
7.5.1
tibco/rendezvous
7.5.2
tibco/rendezvous
7.5.3
tibco/rendezvous
7.5.4
tibco/rendezvous
8.2.1
tibco/rendezvous
8.3.0
tibco/rendezvous
8.3.1
tibco/rendezvous
8.10
... and 2 more
Published
Apr 08, 2014
Tracked Since
Feb 18, 2026