CVE-2024-26311

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

rcher Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.

References

Link	Resource
https://archerirm.com	Product
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134	Vendor Advisory
https://archerirm.com	Product
https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*

History

18 Mar 2025, 17:53

Type	Values Removed	Values Added
CPE		cpe:2.3:a:archerirm:archer::::::::
First Time		Archerirm archer Archerirm
References	~~() https://archerirm.com -~~	() https://archerirm.com - Product
References	~~() https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134 -~~	() https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134 - Vendor Advisory

21 Nov 2024, 09:02

Type	Values Removed	Values Added
References	~~() https://archerirm.com -~~	() https://archerirm.com -
References	~~() https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134 -~~	() https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134 -

12 Nov 2024, 20:35

Type	Values Removed	Values Added
CWE		CWE-79

Information

Published : 2024-02-21 20:15

Updated : 2025-03-18 17:53

NVD link : CVE-2024-26311

Mitre link : CVE-2024-26311

CVE.ORG link : CVE-2024-26311

JSON object : View

Products Affected

archer

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-26311", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2024-02-21T20:15:46.967", "references": [{"url": "https://archerirm.com", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://archerirm.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application."}, {"lang": "es", "value": "Archer Platform 6.x anterior a 6.14 P2 HF1 (6.14.0.2.1) contiene una vulnerabilidad XSS reflejada. Un usuario malicioso de Archer autenticado remotamente podr\u00eda explotar esto enga\u00f1ando al usuario de la aplicaci\u00f3n v\u00edctima para que proporcione c\u00f3digo JavaScript malicioso a la aplicaci\u00f3n web vulnerable. Luego, este c\u00f3digo se refleja en la v\u00edctima y el navegador web lo ejecuta en el contexto de la aplicaci\u00f3n web vulnerable."}], "lastModified": "2025-03-18T17:53:45.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF726E00-538F-49C5-ABCC-B45674F16FB1", "versionEndExcluding": "6.14.0.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}