CVE-2017-8016
MEDIUM
RSA Archer GRC Platform < 6.2.0.5 - Authenticated Stored Cross-Site Scripting via Questionnaire ID Field
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
References (2)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039518
Mailing List, Third Party Advisory, VDB Entry x_refsource_confirm
http://seclists.org/fulldisclosure/2017/Oct/12
Scores
CVSS v3: 5.4
EPSS: 0.0028
EPSS Percentile: 51.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (2)
emc/archer_grc_platform: < 6.2.0.4
n/a/RSA Archer GRC Platform versions prior to 6.2.0.5: RSA Archer GRC Platform versions prior to 6.2.0.5
Published: Oct 11, 2017
Tracked Since: Feb 18, 2026