Stored XSS vulnerability discovered in Archer Platform 6.8 before 2024.06
CVE-2024-41705

7.1HIGH

Key Information:

Vendor: Archer Platform
Status: Archer
Vendor: CVE Published:; 25 July 2024

🔔 Create Archer Platform Vulnerability Alert

What is CVE-2024-41705?

A stored Cross-Site Scripting (XSS) vulnerability was identified in Archer Platform 6.8 prior to version 2024.06. This flaw allows a remote authenticated user to insert malicious HTML or JavaScript code into the application's data store, which can subsequently be executed in the browsers of other users accessing that same data. The integrity of the application is compromised as the malicious scripts run in the context of the vulnerable application, potentially leading to data theft or unauthorized actions. Versions 6.14.P4 (6.14.0.4) and 6.13 P4 (6.13.0.4) have released patches addressing this issue.

References

https://www.archerirm.community/t5/platform-announcements...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2024
Vulnerability Reserved
Jul 22, 2024

CVE-2024-41705 Data

JSON