XSS in Tibco Spotfire_web_player
CVE-2013-2372
Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspe…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.011 (62.8th percentile) — read the EPSS interpretation.
Affected products
- Tibco Spotfire_web_player — versions 3.3, 3.3.2, 4.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)