CVE-2024-34091

Name of the Vulnerable Software and Affected Versions Archer Platform versions prior to 2024.04 Archer Platform version 6.14.0.3 is a fixed release, implying versions prior to 6.14.0.3 are also vulnerable, but since 6.14.0.3 is mentioned as a fixed release and it is part of the versions prior to 2024.04, we focus on the broader range for simplicity.

Description A stored cross-site scripting (XSS) issue allows a remote authenticated malicious user to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed, potentially rendering content inaccessible. This issue can be exploited by a malicious Archer user to affect other users of the application.

Recommendations For Archer Platform versions prior to 2024.04, update to version 6.14.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the data store or implementing additional validation and sanitization of user-inputted data to minimize the risk of exploitation.