CVE-2024-41707: XSS
First published: Thu Jul 25 2024(Updated: )
An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RSA Archer | <2024.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-41707?
CVE-2024-41707 has a medium severity rating due to the potential for HTML content injection by authenticated users.
How do I fix CVE-2024-41707?
To fix CVE-2024-41707, upgrade to Archer Platform version 2024.06 or later.
Who is affected by CVE-2024-41707?
Authenticated users of Archer Platform versions prior to 2024.06 are affected by CVE-2024-41707.
What type of vulnerability is CVE-2024-41707?
CVE-2024-41707 is categorized as an HTML content injection vulnerability.
What are the potential impacts of CVE-2024-41707?
The potential impacts of CVE-2024-41707 include the ability for a malicious user to store and execute harmful HTML code within the application.
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/event
- agent/author
- agent/severity
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/archerirm
- canonical/rsa archer