First published: Tue Mar 29 2022
Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Archer | >=6.1.0.0 <6.9.3.1 | |
CVE-2022-26947 is a reflected XSS vulnerability in Archer 6.x through 6.9 SP3 (6.9.3.0) that allows a remote authenticated malicious user to inject and execute malicious HTML or JavaScript code on a victim's web browser.
An attacker can exploit CVE-2022-26947 by tricking a victim into supplying malicious HTML or JavaScript code to the vulnerable Archer web application.
The severity of CVE-2022-26947 is medium, with a CVSS score of 5.4.
Yes, a patch is available for CVE-2022-26947. It is recommended to update to a version higher than 6.9.3.1 of RSA Archer.
You can find more information about CVE-2022-26947 on the RSA Archer Community website or the RSA Security Advisories page.