CVE-2024-49210

Name of the Vulnerable Software and Affected Versions Archer Platform versions 6.x through 2024.08

Description A reflected XSS issue was discovered in an iView List Archer Platform UX page. This could allow a remote unauthenticated attacker to trick a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application. The malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application.

Recommendations For Archer Platform versions 6.x through 2024.08, update to version 2024.09 or later to resolve the issue. As a temporary workaround, consider restricting access to the iView List Archer Platform UX page until a patch is applied. Avoid using the vulnerable page in the affected Archer Platform versions until the issue is resolved.