PT-2024-25698 · RSA · Archer Platform

Published: 2024-05-06 · Updated: 2025-03-18 · CVE-2024-34090

CVSS v3.1: 7.3 (High)

Vector: AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:R

Name of the Vulnerable Software and Affected Versions

Archer Platform versions prior to 2024.04. Archer Platform version 6.14.0.3 is a fixed release, implying versions prior to 6.14.0.3 are also affected.

Description

A stored cross-site scripting (XSS) vulnerability was discovered in the Archer Platform. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately.

Recommendations

For Archer Platform versions prior to 2024.04, update to version 6.14.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the login banner in the Archer Control Panel (ACP) until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-34090

Affected Products

Archer Platform