CVE-2018-18807 HIGH

CVE-2018-18807: TIBCO Statistica Server Vulnerable to Cross Site Scripting

Vendor Tibco Software Inc.
Product TIBCO Statistica Server
Published November 26, 2018
Last update September 16, 2024

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H

What the vulnerability does

01Description

The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0.

Key dates

02Disclosure timeline

November 26, 2018 CVE published
September 16, 2024 Record updated