CVE-2017-8016

Name of the Vulnerable Software and Affected Versions RSA Archer GRC Platform versions prior to 6.2.0.5

Description The issue allows stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

Recommendations For versions prior to 6.2.0.5, update to version 6.2.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Questionnaire ID field to minimize the risk of exploitation.