CVE-2023-48642: XSS
First published: Tue Dec 12 2023(Updated: )
Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Archer | >=6.0.0<6.14.0 | |
| RSA Archer | <6.13.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-48642?
The severity of CVE-2023-48642 is rated as medium with a CVSS score of 5.4.
How can I mitigate CVE-2023-48642 in Archer Platform 6.x?
To mitigate CVE-2023-48642, it is recommended to update the Archer Platform to version 6.13 P2 (6.13.0.2) or later.
- agent/type
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/archerirm
- canonical/rsa archer
- version/rsa archer/6.0.0