CVE-2013-2372
https://notcve.org/view.php?id=CVE-2013-2372
Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Engine de TIBCO Spotfire Web Player v3.3.x anterior a v3.3.3, v4.0.x anterior a v4.0.3, v4.5.x anterior a v4.5.1, y v5.0.x anterior a v5.0.1 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-2373
https://notcve.org/view.php?id=CVE-2013-2373
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. El Engine en TIBCO Spotfire Web Player v3.3.x anterior a v3.3.3, v4.0.x anterior a v4.0.3, 4.5.x anterior a v4.5.1, y v5.0.x anterior a v5.0.1 no aplica correctamente el control de acceso, lo que permite a atacantes remotos obtener información sensible o modificar datos a través de vectores no especificados. • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0690
https://notcve.org/view.php?id=CVE-2012-0690
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL. TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, y Analytics Client Application de Spotfire Analytics Server anteriores a 10.1.2; Server anteriores a 3.3.3; y Web Player, Automation Services, y Professional anteriores a 4.0.2 permiten a atacantes remotos obtener información confidencial a través de una URL modificada. • http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •