PT-2022-18133 · RSA · Archery

Published: 2022-03-29 · Updated: 2022-04-06 · CVE-2022-26947

CVSS v3.1: 6.3 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Affected software and versions: Archer versions 6.x through 6.9 SP3 (6.9.3.0)

Description: The issue is a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application.

Recommendations: For Archer versions 6.x through 6.9 SP3 (6.9.3.0), consider disabling the vulnerable web application functionality until a patch is available. Restrict access to the vulnerable web application to minimize the risk of exploitation. Until the issue is resolved, avoid supplying the vulnerable web application with HTML or JavaScript code from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
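The reflected-XSS mechanism in the description, as an added illustration (generic code written for this page; it is not Archer's code and does not reproduce this CVE). It assumes a constructed scenario in which a server-side handler echoes a query parameter back into an HTML page, and shows the vulnerable splice next to a context-aware encoded rendering, the response headers that limit the blast radius of any remaining encoding gap, and a small regression check a test suite can run against rendered output.

```python
"""Reflected parameter rendering: vulnerable pattern beside the hardened one.
Added example for this record; the handler, parameter name and sample input
are all constructed for illustration."""
import html
from urllib.parse import quote

# Constructed sample standing in for an untrusted query parameter: it carries
# an attribute-closing quote plus a tag, the shape a reflected XSS relies on.
UNTRUSTED_QUERY = 'audit"><script>/* constructed marker */</script>'


def render_results_unsafe(query: str) -> str:
    """Vulnerable pattern: the reflected value is spliced verbatim into the
    element body and into an attribute, so delimiters from the request become
    part of the page the victim's browser executes."""
    return (f'<p>Results for: {query}</p>\n'
            f'<a href="/search?q={query}">Search again</a>')


def render_results_safe(query: str) -> str:
    """Hardened pattern: encode for each output context separately.
    - element body: HTML entity-encode <, >, &, and both quote characters
    - URL inside an attribute: percent-encode the value first, then
      entity-encode the finished attribute value"""
    body = html.escape(query, quote=True)
    href = html.escape("/search?q=" + quote(query, safe=""), quote=True)
    return (f'<p>Results for: {body}</p>\n'
            f'<a href="{href}">Search again</a>')


def hardening_headers() -> dict:
    """Defence in depth on the response: a CSP without 'unsafe-inline' stops
    an inline script that slips through an encoding gap from running, and
    nosniff keeps browsers from treating reflected text as active content."""
    return {
        "Content-Security-Policy":
            "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def reflects_unencoded(rendered: str, untrusted: str) -> bool:
    """Regression check for a test suite: True when the untrusted input
    contains markup delimiters and still appears verbatim in the page,
    i.e. it was reflected without encoding."""
    has_delimiters = any(c in untrusted for c in '<>"\'&')
    return has_delimiters and untrusted in rendered


if __name__ == "__main__":
    print("unsafe reflects raw input:",
          reflects_unencoded(render_results_unsafe(UNTRUSTED_QUERY), UNTRUSTED_QUERY))
    print("safe reflects raw input:",
          reflects_unencoded(render_results_safe(UNTRUSTED_QUERY), UNTRUSTED_QUERY))
    print(render_results_safe(UNTRUSTED_QUERY))
```

The point of the two encoders is that one escaping function does not cover every context: entity encoding alone is not enough inside a URL attribute, and percent-encoding alone is not enough in an element body. The check in `reflects_unencoded` is deliberately simple (it looks for the raw input, not for any particular tag) so it flags an encoding gap regardless of which payload shape a tester happens to use.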

Weakness Enumeration: XSS

Related Identifiers: CVE-2022-26947

Affected Products: Archery