Reflected XSS in Archer 6.x by RSA
CVE-2022-26951

6.5MEDIUM

Key Information:

Vendor: Rsa
Status: Archer
Vendor: CVE Published:; 30 March 2022

Summary

The Archer product line from RSA, specifically versions 6.0 through 6.10, is susceptible to a reflected cross-site scripting (XSS) vulnerability. This weakness allows an attacker to exploit the system by tricking a user of the application into entering malicious HTML or JavaScript code. When these malicious inputs are processed by the vulnerable web application, they are reflected back to the victim’s web browser for execution within the context of the Archer application, potentially compromising user data and session integrity.

References

https://www.archerirm.community/t5/general-support-inform...

x_refsource_MISC

https://www.archerirm.community/t5/security-advisories/ar...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2022
Vulnerability Reserved
Mar 12, 2022