9 matches found
CVE-2021-33616
RSA Archer 6.x through 6.9 SP1 P4 6.9.1.4 allows stored XSS...
CVE-2022-26949
Archer 6.x through 6.9 SP2 P1 6.9.2.1 contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges...
Cross site scripting
Archer 6.x through 6.9 SP3 6.9.3.0 contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the...
Improper access control
Archer 6.x through 6.9 SP2 P1 6.9.2.1 contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges...
Cross site scripting
Archer 6.x through 6.10 6.10.0.0 contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the...
Open redirect
Archer 6.x through 6.9 P2 6.9.0.2 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to t...
CVE-2022-26951
CVE-2022-26951 affects Archer 6.x up to 6.10 (6.10.0.0). The vulnerability is a reflected cross-site scripting (XSS) flaw: a remote, SAML-authenticated Archer user could coax a victim application user into submitting malicious HTML/JavaScript to the vulnerable web app, with the malicious code the...
CVE-2022-26950
Archer 6.x through 6.9 P2 6.9.0.2 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to t...
CVE-2022-26949
Archer 6.x through 6.9 SP2 P1 6.9.2.1 contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges...