CVE-2023-26218 - Cross-site Scripting vulnerabilities in TIBCO Nimbus

1. Vulnerability Properties

Title: Cross-site Scripting (XSS) vulnerabilities in TIBCO Nimbus
CVE ID: CVE-2023-26218
CVSSv3 Base Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Vendor: TIBCO
Products: TIBCO Nimbus
Advisory Release Date: 27-09-2023
Advisory URL:
Credits: Discovery by Pedro Miguel Ferreira <pedro.miguel.ferreira[at]>

2. Vulnerability Summary

TIBCO Nimbus is affected by several Cross-site Scripting (XSS) vulnerabilities that allow a low-privileged attacker to social-engineer a legitimate user with network access into executing scripts that target the affected system or the victim's local system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker.

3. Vulnerable Versions

TIBCO Nimbus versions 10.6.0 and below.

4. Solution

TIBCO has released updated versions of the affected systems which address this issue:

  • TIBCO Nimbus versions 10.6.0 and below: update to version 10.6.1 or later

5. Vulnerability Timeline

  • 21/Jul/23 - Bug reported to TIBCO
  • 25/Jul/23 - Bug verified by vendor
  • 22/Nov/23 - Advisory released

6. References


© 2024 INTEGRITY S.A. All rights reserved.