CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26217 – TIBCO EBX Add-ons SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-26217
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0. • https://www.tibco.com/services/support/advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41566 – TIBCO EBX Add-ons Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-41566
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below. • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30578 – TIBCO EBX Add-ons Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2022-30578
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-sep-21-2022-ebx-add-ons-cve-2022-30578 https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-21-2022-tibco-ebx-add-ons-cve-2022 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 45EXPL: 0CVE-2022-22769 – TIBCO EBX vulnerabilities
https://notcve.org/view.php?id=CVE-2022-22769
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.124 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3, TIBCO EBX Add-ons: versions 3.20.18 and below, TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6, TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0, and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-19-2022-tibco-ebx-2022-22769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •