Reflected XSS Vulnerability in Archer Platform by RSA
CVE-2024-26311
5.7 MEDIUM
Summary
The Archer Platform versions prior to 6.14 P2 HF1 (6.14.0.2.1) are susceptible to a reflected XSS vulnerability. This issue allows a remote authenticated attacker to craft a malicious JavaScript payload that can be injected into the web application's response. If a victim user is tricked into executing this payload, the attacker's script is run in the context of the victim’s session. This could lead to unauthorized actions being performed on behalf of the user, potentially compromising sensitive data and operational integrity.
References
CVSS V3.1
Score: 5.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved