CVE-2024-26313

Name of the Vulnerable Software and Affected Versions Archer Platform versions 6.x through 6.14 P2 before HF2 (6.14.0.2.2) Archer Platform versions 6.13 before P3 HF1 (6.13.0.3.1)

Description The issue is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

Recommendations For Archer Platform versions 6.x through 6.14 P2 before HF2 (6.14.0.2.2), update to version 6.14 P2 HF2 (6.14.0.2.2) or later. For Archer Platform versions 6.13 before P3 HF1 (6.13.0.3.1), update to version 6.13 P3 HF1 (6.13.0.3.1) or later.