### [CVE-2021-43047](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43047)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20PartnerExpress&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=In%20the%20worst%20case%2C%20if%20the%20victim%20is%20a%20privileged%20administrator%2C%20successful%20execution%20of%20these%20vulnerabilities%20can%20result%20in%20an%20attacker%20gaining%20full%20administrative%20access%20to%20the%20affected%20system%20or%20the%20victim's%20local%20system.&color=brightgreen)

### Description

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.

### POC

#### Reference
- https://www.tibco.com/services/support/advisories

#### Github
No PoCs found on GitHub currently.