PT-2024-5260 · Rsa · Archer Platform
Published
2024-07-25
·
Updated
2024-08-01
·
CVE-2024-41705
CVSS v3.1
7.1
High
| Vector | AC:L/AV:L/A:N/C:H/I:H/PR:L/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions:
Archer Platform versions prior to 6.8 2024.06
Archer Platform versions 6.8 before 2024.06
Archer Platform versions 6.14 before 6.14.0.4
Archer Platform versions 6.13 before 6.13.0.4
Description:
The issue is related to the lack of protection of the web page structure in the Archer Platform, allowing an attacker to execute arbitrary HTML or JavaScript code. A remote authenticated malicious user could exploit this to store malicious code in a trusted application data store, which would then be executed by the web browser in the context of the vulnerable application when accessed by victim users.
Recommendations:
For Archer Platform versions prior to 6.8 2024.06, update to version 6.8 2024.06 or later.
For Archer Platform versions 6.8 before 2024.06, update to version 6.8 2024.06 or later.
For Archer Platform versions 6.14 before 6.14.0.4, update to version 6.14.0.4 or later.
For Archer Platform versions 6.13 before 6.13.0.4, update to version 6.13.0.4 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Archer Platform