CVE-2017-14372

RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
References
Link Resource
http://seclists.org/fulldisclosure/2017/Oct/12 Mailing List Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101195 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039518 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:rsa:archer_grc_platform:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-10-11 19:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-14372

Mitre link : CVE-2017-14372

CVE.ORG link : CVE-2017-14372


JSON object : View

Products Affected

rsa

  • archer_grc_platform
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')