Stored XSS Vulnerability in Archer by RSA Security
CVE-2020-29535

5.3MEDIUM

Key Information:

Vendor: Rsa
Status: Archer
Vendor: CVE Published:; 29 January 2021

What is CVE-2020-29535?

The affected version of Archer contains a stored XSS vulnerability that could be exploited by a remote authenticated user. This allows attackers to introduce malicious HTML or JavaScript code into a trusted application data store. When legitimate users access this corrupted data, their web browsers may execute the injected code within the context of the Archer application, potentially compromising sensitive information and functionality.

References

https://www.rsa.com/en-us/company/vulnerability-response-...

x_refsource_MISC

https://community.rsa.com/docs/DOC-115223

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2021
Vulnerability Reserved
Dec 3, 2020

JSON

Rsa

What is CVE-2020-29535?

References

CVSS V3.1

Timeline