Lucene search

MitreCVELIST:CVE-2024-34089

HistoryMay 06, 2024 - 12:00 a.m.

CVE-2024-34089

2024-05-0600:00:00

mitre

www.cve.org

cve-2024-34089

stored cross-site scripting

remote authenticated

malicious code

web browser

fixed release

data store

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release.

References

archerirm.com

www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/720963

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-34089