CVE-2024-26311

Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://archerirm.com
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134
https://archerirm.com
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134

Configurations

No configuration.

History

21 Nov 2024, 09:02

Type	Values Removed	Values Added
References	~~() https://archerirm.com -~~	() https://archerirm.com -
References	~~() https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134 -~~	() https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134 -

12 Nov 2024, 20:35

Type	Values Removed	Values Added
CWE		CWE-79

21 Feb 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-21 20:15

Updated : 2024-11-21 09:02

NVD link : CVE-2024-26311

Mitre link : CVE-2024-26311

CVE.ORG link : CVE-2024-26311

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-26311", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2024-02-21T20:15:46.967", "references": [{"url": "https://archerirm.com", "source": "cve@mitre.org"}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134", "source": "cve@mitre.org"}, {"url": "https://archerirm.com", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application."}, {"lang": "es", "value": "Archer Platform 6.x anterior a 6.14 P2 HF1 (6.14.0.2.1) contiene una vulnerabilidad XSS reflejada. Un usuario malicioso de Archer autenticado remotamente podr\u00eda explotar esto enga\u00f1ando al usuario de la aplicaci\u00f3n v\u00edctima para que proporcione c\u00f3digo JavaScript malicioso a la aplicaci\u00f3n web vulnerable. Luego, este c\u00f3digo se refleja en la v\u00edctima y el navegador web lo ejecuta en el contexto de la aplicaci\u00f3n web vulnerable."}], "lastModified": "2024-11-21T09:02:20.967", "sourceIdentifier": "cve@mitre.org"}