### [CVE-2021-23272](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23272)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20BPM%20Enterprise%20Distribution%20for%20TIBCO%20Silver%20Fabric&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20BPM%20Enterprise&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Successful%20execution%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20read%20access%2C%20as%20well%20as%20unauthorized%20update%2C%20insert%20or%20delete%20access%20to%20a%20subset%20of%20AMX-BPM%20data%20on%20the%20affected%20system.&color=brightgreen)
### Description
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.
### POC
#### Reference
- http://www.tibco.com/services/support/advisories
#### GitHub
No PoCs found on GitHub currently.