PT-2023-29529 · Rsa · Archer Platform

Published: 2023-10-16 · Updated: 2023-10-24 · CVE-2023-45358

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Archer Platform versions 6.x through 6.13 P2 HF1. Archer Platform version 6.13 P2 HF2 is not affected, but versions prior to 6.13 P2 HF2 are vulnerable.

Description

The issue is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

Recommendations

For Archer Platform versions 6.x through 6.13 P2 HF1, update to version 6.13 P2 HF2 or later to resolve the issue. For Archer Platform version 6.14, no action is required as it is a fixed release.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-45358

Affected Products: Archer Platform