CVE-2024-26311

{"id": "CVE-2024-26311", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2024-02-21T20:15:46.967", "references": [{"url": "https://archerirm.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://archerirm.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application."}, {"lang": "es", "value": "Archer Platform 6.x anterior a 6.14 P2 HF1 (6.14.0.2.1) contiene una vulnerabilidad XSS reflejada. Un usuario malicioso de Archer autenticado remotamente podr\u00eda explotar esto enga\u00f1ando al usuario de la aplicaci\u00f3n v\u00edctima para que proporcione c\u00f3digo JavaScript malicioso a la aplicaci\u00f3n web vulnerable. Luego, este c\u00f3digo se refleja en la v\u00edctima y el navegador web lo ejecuta en el contexto de la aplicaci\u00f3n web vulnerable."}], "lastModified": "2025-03-18T17:53:45.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF726E00-538F-49C5-ABCC-B45674F16FB1", "versionEndExcluding": "6.14.0.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}