Stored XSS Vulnerability in Archer Platform Could Trigger Code Execution
CVE-2024-41706

7.3HIGH

Key Information:

Vendor: Archer Platform
Status: Archer
Vendor: CVE Published:; 25 July 2024

🔔 Create Archer Platform Vulnerability Alert

What is CVE-2024-41706?

A stored XSS vulnerability exists in the Archer Platform that allows an authenticated attacker to inject malicious HTML or JavaScript into the application’s data store. When the compromised data is accessed by other users, this malicious code can execute within their browsers, leading to unauthorized actions or data theft. The vulnerability affects versions of the Archer Platform before 2024.06 and includes the fixed release of version 6.14 P4 (6.14.0.4). Users are urged to upgrade to the latest version to mitigate risks.

References

https://www.archerirm.community/t5/platform-announcements...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2024
Vulnerability Reserved
Jul 22, 2024

CVE-2024-41706 Data

JSON