Vulnerability Details CVE-2023-45358
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.2%
CVSS Severity
CVSS v3 Score 8.5
References
Products affected by CVE-2023-45358
-
cpe:2.3:a:archerirm:archer:6.10.0.3
-
cpe:2.3:a:archerirm:archer:6.11.0.4
-
cpe:2.3:a:archerirm:archer:6.12.0.0
-
cpe:2.3:a:archerirm:archer:6.12.0.6
-
cpe:2.3:a:archerirm:archer:6.12.0.6.1
-
cpe:2.3:a:archerirm:archer:6.13.0
-
cpe:2.3:a:archerirm:archer:6.13.0.1
-
cpe:2.3:a:archerirm:archer:6.13.0.2
-
cpe:2.3:a:archerirm:archer:6.3.0.0
-
cpe:2.3:a:archerirm:archer:6.8.0.0
-
cpe:2.3:a:archerirm:archer:6.9.3.4