Summary: An authenticated attacker with the ability to upload or edit a workbook might be able to trigger a cross-site scripting (XSS) vulnerability in Tableau Server.
Vulnerable Versions: Tableau Server 8.2.0 (through 8.2.19), 8.3.0 (through 8.3.14), 9.0.0 (through 9.0.16), 9.1.0 (through 9.1.12), 9.2.0 (through 9.2.11), 9.3.0 (through 9.3.6), 10.0.0
Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:
Tableau Server 8.2.20
Tableau Server 8.3.15
Tableau Server 9.0.17
Tableau Server 9.1.13
Tableau Server 9.2.12
Tableau Server 9.3.7
Tableau Server 10.0.1
Acknowledgement: This issue was found internally
Become a Viz Whiz on the Forums!
Support the Community and master Tableau.