CVE-2025-2261

Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.

CVSS

No CVSS.

References

Link	Resource
https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-bpm-enterprise-cve-2025-2261-r220/

Configurations

No configuration.

History

No history.

Information

Published : 2025-05-21 19:16

Updated : 2025-05-21 20:24

NVD link : CVE-2025-2261

Mitre link : CVE-2025-2261

CVE.ORG link : CVE-2025-2261

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-2261", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@tibco.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-21T19:16:08.333", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-bpm-enterprise-cve-2025-2261-r220/", "source": "security@tibco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@tibco.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application."}, {"lang": "es", "value": "XSS almacenado en TIBCO ActiveMatrix Administrator permiten que datos maliciosos parezcan ser parte del sitio web y se ejecuten dentro del navegador del usuario bajo los privilegios de la aplicaci\u00f3n web."}], "lastModified": "2025-05-21T20:24:58.133", "sourceIdentifier": "security@tibco.com"}

CVE-2025-2261

JSON object

Attach tags to CVE-2025-2261

Attach tags to `CVE-2025-2261`