CVE-2024-49211

MEDIUM

Archer 6.3.0.0-2024.08 - Unauthenticated Reflected Cross-Site Scripting in Dashboard Listing Page

Title source: llm
STIX 2.1

Description

Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application.

Scores

CVSS v3 5.2
EPSS 0.0032
EPSS Percentile 24.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
archerirm/archer 6.3.0.0 - 2024.09
Published Oct 22, 2024
Tracked Since Feb 18, 2026