CVE-2023-45358

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 17, 2023

Updated: Oct 24, 2023

CWE ID 79

Summary

CVE-2023-45358 is a stored cross-site scripting (XSS) vulnerability affecting Archer Platform 6.x before version 6.13 P2 HF2 (6.13.0.2.2). A malicious user, who has access to the platform and is authenticated, can exploit this flaw to inject malicious HTML or JavaScript code into a trusted application data store. This code gets executed in the context of the vulnerable application when victim users access the data store through their web browsers. Archer Platform's version 6.14 (6.14.0) has been released as a fixed version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Archer Integrated Risk Management

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s8DhbU
https://www.cve.org/CVERecord?id=CVE-2023-45358
https://nvd.nist.gov/vuln/detail/CVE-2023-45358

Back to Vulnerability Database

CVE-2023-45358

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations