Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.
References
Link | Resource |
---|---|
https://archerirm.com | Product |
https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/682060 | Vendor Advisory |
Configurations
History
29 Aug 2022, 17:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:rsa:archer:*:*:*:*:*:*:*:* | |
First Time |
Rsa archer
Rsa |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 | |
References | (MISC) https://www.archerirm.community/t5/security-advisories/archer-update-for-multiple-vulnerabilities/ta-p/682060 - Vendor Advisory | |
References | (MISC) https://archerirm.com - Product |
25 Aug 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-25 23:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-37318
Mitre link : CVE-2022-37318
CVE.ORG link : CVE-2022-37318
JSON object : View
Products Affected
rsa
- archer
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')