First published: Tue Mar 29 2022
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
RSA Archer | >=6.1.0.0, <6.10.0.1 | |
The vulnerability ID for this vulnerability is CVE-2022-26951.
The severity of CVE-2022-26951 is medium with a severity value of 6.1.
The affected software for CVE-2022-26951 is RSA Archer version 6.x through 6.10 (6.10.0.0).
CVE-2022-26951 is a reflected XSS vulnerability that can be exploited by a remote SAML-unauthenticated malicious Archer user tricking a victim application user into supplying malicious HTML or JavaScript code.
At this time, there are no specific fixes or patches available for CVE-2022-26951. It is recommended to stay updated with the latest security advisories and follow best practices to mitigate the vulnerability.