Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application.
History
05 Apr 2022, 23:52
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 3.5; v3 : 5.4 |
First Time | Rsa; Rsa archer | |
CPE | cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
References | (MISC) https://www.archerirm.community/t5/security-advisories/archer-an-rsa-business-update-for-multiple-vulnerabilities/ta-p/674497 - Vendor Advisory | |
References | (MISC) https://www.archerirm.community/t5/general-support-information/tkb-p/information-support - Vendor Advisory | |
30 Mar 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2022-03-30 00:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-26947
Mitre link : CVE-2022-26947
CVE.ORG link : CVE-2022-26947
Products Affected
rsa
- archer
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')