RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Oct/12 | Mailing List Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/101195 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039518 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2017-10-11 19:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-14372
Mitre link : CVE-2017-14372
CVE.ORG link : CVE-2017-14372
JSON object : View
Products Affected
rsa
- archer_grc_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')