PT-2024-21346 · Rsa · Archer Platform

Published: 2024-02-21 · Updated: 2025-03-18 · CVE-2024-26311

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Archer Platform versions 6.x through 6.14 P2 HF1 (6.14.0.2.1)

Description

The issue allows a remote authenticated malicious Archer user to potentially exploit a reflected XSS vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.

Recommendations

For Archer Platform versions 6.x through 6.14 P2 HF1 (6.14.0.2.1), update to a version after 6.14 P2 HF1 (6.14.0.2.1) to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable web application to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-26311

Affected Products

Archer Platform