Vulnerability Details CVE-2020-5334
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.3%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 4.3
References
Products affected by CVE-2020-5334
-
cpe:2.3:a:rsa:archer:6.1
-
cpe:2.3:a:rsa:archer:6.1.0.0
-
cpe:2.3:a:rsa:archer:6.1.0.3
-
cpe:2.3:a:rsa:archer:6.2
-
cpe:2.3:a:rsa:archer:6.3
-
cpe:2.3:a:rsa:archer:6.4
-
cpe:2.3:a:rsa:archer:6.4.0.1
-
cpe:2.3:a:rsa:archer:6.4.0.2
-
cpe:2.3:a:rsa:archer:6.5
-
cpe:2.3:a:rsa:archer:6.6.0.2
-
cpe:2.3:a:rsa:archer:6.6.0.3
-
cpe:2.3:a:rsa:archer:6.6.0.8
-
cpe:2.3:a:rsa:archer:6.7
-
cpe:2.3:a:rsa:archer:6.7.0.1