CVE-2023-26218 – TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2023-26218
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6.0 and below. • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-24967
https://notcve.org/view.php?id=CVE-2022-24967
Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). Black Rainbow NIMBUS versiones anteriores a 3.7.0, permite una vulnerabilidad de tipo Cross-site Scripting (XSS) almacenado • https://blackrainbow.com/corporate https://excellium-services.com/cert-xlm-advisory/CVE-2022-24967 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-35499 – TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2021-35499
The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-26-2021-tibco-nimbus-2021-35499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •