Stored XSS Vulnerability in RSA Archer by RSA Security
CVE-2021-29252

5.4MEDIUM

Key Information:

Vendor: Rsa
Status: Archer
Vendor: CVE Published:; 26 May 2021

What is CVE-2021-29252?

RSA Archer versions prior to 6.9 SP1 P1 (6.9.1.1) are susceptible to a stored cross-site scripting (XSS) vulnerability. This issue allows remote authenticated users with permissions to modify link name fields to craft payloads that can lead to the execution of arbitrary code in the browsers of victims accessing those fields. Successful exploitation could compromise the integrity and confidentiality of user data.

References

https://www.rsa.com/en-us/company/vulnerability-response-...

x_refsource_MISC

https://community.rsa.com/t5/archer-product-advisories/rs...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2021
Vulnerability Reserved
Mar 26, 2021

Rsa

What is CVE-2021-29252?

References

CVSS V3.1

Timeline