CVE-2024-41706

Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 2024.06 Archer Platform version 6.14.0.4 is a fixed release, implying versions prior to this are also affected, but for clarity and following the instruction to list versions prior to a fixed version, we focus on the major release.

Description: A stored XSS issue was discovered, allowing a remote authenticated malicious user to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. This issue is related to the lack of protection measures for the web page structure, which can be exploited to execute arbitrary HTML or JavaScript code.

Recommendations: For Archer Platform versions prior to 2024.06, update to version 2024.06 or later to resolve the issue. For versions where updating is not immediately possible, consider restricting access to the application data store to minimize the risk of exploitation until a patch can be applied.