CVE-2024-41707

25 Jul 2024

Título es

CVE-2024-41707

Jue, 25/07/2024 – 08:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-41707

Descripción en

An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

25/07/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://www.archerirm.community/t5/platform-announcements/announcing-archer-platform-release-2024-06/ta-p/722094

https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/739717

Enviar en el boletín

Off

CVE-2024-41707

CVE-2024-41707

Jose Alexis Correa Valencia