CVE-2024-41706

HIGH 7.3

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P4 (6.14.0.4) is also a fixed release.

Vendor	n/a
Product	n/a
Published	Jul 25, 2024
Last Updated	Aug 2, 2024

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:R

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

archerirm.community: https://www.archerirm.community/t5/platform-announcements/announcing-archer-platform-release-2024-06/ta-p/722094 archerirm.community: https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/739717