First published: Wed May 26 2021
RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to modify link name fields could potentially exploit this vulnerability to execute code in a victim's browser.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RSA Archer | >=6.6<6.6.0.8 | |
RSA Archer | >=6.7<6.7.0.8 | |
RSA Archer | >=6.8<6.8.0.5 | |
RSA Archer | >=6.9<6.9.1.1 | |
CVE-2021-29252 is a stored XSS vulnerability in RSA Archer before 6.9 SP1 P1 (6.9.1.1).
CVE-2021-29252 affects RSA Archer versions 6.6.0.8 to 6.9.1.1.
The severity of CVE-2021-29252 is medium with a CVSS score of 5.4.
A remote authenticated malicious user with access to modify link name fields in RSA Archer could exploit CVE-2021-29252 to execute code in a victim's browser.
You can find more information about CVE-2021-29252 in the RSA Archer Product Advisories and RSA's vulnerability response policy.