CVE-2024-34089

Name of the Vulnerable Software and Affected Versions Archer Platform versions prior to 2024.04 Archer Platform version 6.14.0.3 is a fixed release, implying versions prior to 6.14.0.3 are also vulnerable, but since 6.14 P3 (6.14.0.3) is mentioned as a fixed release, it simplifies the affected range to before 2024.04.

Description A stored cross-site scripting (XSS) issue allows a remote authenticated malicious Archer user to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

Recommendations For Archer Platform versions prior to 2024.04, update to version 6.14.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the data store to minimize the risk of exploitation until a patch is applied.