CVE-2024-41706

25 Jul 2024

Título es

CVE-2024-41706

Jue, 25/07/2024 – 08:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-41706

Descripción en

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P4 (6.14.0.4) is also a fixed release.

25/07/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

7.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://www.archerirm.community/t5/platform-announcements/announcing-archer-platform-release-2024-06/ta-p/722094

https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/739717

Enviar en el boletín

Off

CVE-2024-41706

CVE-2024-41706

Jose Alexis Correa Valencia