First published: Fri Jan 29 2021
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RSA Archer | >=6.6, <6.6.0.8 | |
RSA Archer | >=6.7, <6.7.0.8 | |
RSA Archer | >=6.8, <6.8.0.5 | |
RSA Archer | >=6.9, <6.9.0.1 | |
The vulnerability ID for the Archer XSS vulnerability is CVE-2020-29535.
CVE-2020-29535 has a severity level of medium, with a CVSS score of 5.4.
The Archer XSS vulnerability allows a remote authenticated malicious user to store malicious HTML or JavaScript code in a trusted application data store, which can be accessed by other users.
RSA Archer versions 6.6.0.8 to 6.8.0.5 are affected by CVE-2020-29535.
To fix the Archer XSS vulnerability, it is recommended to upgrade to a patched version of RSA Archer (6.8.0.4 or later) as soon as possible.