CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26949
https://notcve.org/view.php?id=CVE-2022-26949
29 Mar 2022 — Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. Archer versiones 6.x hasta 6.9 SP2 P1 (6.9.2.1) contiene una vulnerabilidad de control de acceso inapropiado en los archivos adjuntos. Un usuario malicioso autenticado de forma remota podría explotar esta vulnerabilidad para conseguir acceso a archiv... • https://www.archerirm.community/t5/general-support-information/tkb-p/information-support •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26947
https://notcve.org/view.php?id=CVE-2022-26947
29 Mar 2022 — Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and gets executed by the web browser in the context of the vulnerable web application. Archer versiones 6.x hasta 6.9 SP3 (6.9.3.0) contiene una vulnerabilidad de tipo... • https://www.archerirm.community/t5/general-support-information/tkb-p/information-support • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •