XSS in Tibco Spotfire_web_player

CVE-2013-2372

Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspe…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.011 (62.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References