CVE-2024-49210
MEDIUMArcher 6.3.0.0-2024.09 - Unauthenticated Reflected Cross-Site Scripting in iView List UX Page
Title source: llmDescription
Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application.
References (2)
Core 2
Scores
CVSS v3
5.2
EPSS
0.0032
EPSS Percentile
24.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
archerirm/archer
6.3.0.0 - 2024.09
Published
Oct 22, 2024
Tracked Since
Feb 18, 2026