Severity: Medium

 

Summary: An authenticated attacker with the ability to upload or edit a workbook might be able to trigger a cross-site scripting (XSS) vulnerability in Tableau Server. 

 

Vulnerable Versions: Tableau Server 8.2.0 (through 8.2.19), 8.3.0 (through 8.3.14), 9.0.0 (through 9.0.16), 9.1.0 (through 9.1.12), 9.2.0 (through 9.2.11), 9.3.0 (through 9.3.6), 10.0.0

 

Workaround:  None

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server versions:

Tableau Server 8.2.20

Tableau Server 8.3.15

Tableau Server 9.0.17

Tableau Server 9.1.13

Tableau Server 9.2.12

Tableau Server 9.3.7

Tableau Server 10.0.1

 

Acknowledgement:  This issue was found internally