CVE-2017-14370

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
References
Link Resource
http://seclists.org/fulldisclosure/2017/Oct/12 Mailing List Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039518 Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2017/Oct/12 Mailing List Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039518 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:rsa:archer_grc_platform:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:12

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2017/Oct/12 - Mailing List, Third Party Advisory, VDB Entry () http://seclists.org/fulldisclosure/2017/Oct/12 - Mailing List, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1039518 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1039518 - Third Party Advisory, VDB Entry

Information

Published : 2017-10-11 19:29

Updated : 2024-11-21 03:12


NVD link : CVE-2017-14370

Mitre link : CVE-2017-14370

CVE.ORG link : CVE-2017-14370


JSON object : View

Products Affected

rsa

  • archer_grc_platform
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')