CVE-2017-17972

Name of the Vulnerable Software and Affected Versions Archon version 3.21 rev-1

Description The issue concerns an XSS vulnerability in the referer parameter of an index.php?subjecttypeid=xxx request, specifically in the subjects.php file within the packages/subjects/pub directory. This vulnerability allows for potential exploitation.

Recommendations For Archon version 3.21 rev-1, consider restricting access to the referer parameter in the index.php?subjecttypeid=xxx request to minimize the risk of exploitation. As a temporary workaround, avoid using the referer parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.