TIBCO EBX Add-on For Data Exchange Cross-Site Scripting Vulnerabilities

Original release date: November 12, 2019
Last revised: ---
Source: TIBCO Software Inc.

Systems Affected

TIBCO EBX Add-ons versions 3.20.13 and below
TIBCO EBX Add-ons version 4.1.0

The following component is affected:

* Data Exchange Web Interface

Description

The component listed above contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.

Impact

The impact of this vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component.

CVSS v3 Base Score: 7.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

Solution

TIBCO has released updated versions of the affected systems which address this issue:

TIBCO EBX Add-ons versions 3.20.13 and below update to version 3.20.14 or higher
TIBCO EBX Add-ons version 4.1.0 update to version 4.2.0 or higher

References

http://www.tibco.com/services/support/advisories
CVE-2019-17331