3 matches found
CVE-2024-41705
Archer Platform is affected by CVE-2024-41705: a stored XSS in the web data store allows a remote authenticated Archer user to store malicious HTML/JavaScript that executes in the browser context when other users view the data store. Affected versions include 6.8 prior to 2024.06, with fixed rele...
CVE-2024-41705
A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the...
Improper access control
Archer Platform 6.8 before 6.11 P3 6.11.0.3 contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 6.10.0.3.1 is also a fixed release...