CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0CVE-2019-11207 – TIBCO LogLogic Log Management Intelligence Multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11207
The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-13-2019-tibco-loglogic-log-management-intelligence • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •