Описание
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Ссылки
- Mailing ListThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 6.2.0.4 (включая)
cpe:2.3:a:rsa:archer_grc_platform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.0028
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
EPSS
Процентиль: 51%
0.0028
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79