CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26312
https://notcve.org/view.php?id=CVE-2024-26312
06 May 2024 — Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. Archer Platform 6 anterior a 2024.03 contiene una vulnerabilidad de divulgación de información confidencial. Un atacante autenticado podría potencialmente obtener acceso a información confidencial a través de un mensaje de advertencia emergente. • https://archerirm.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34089
https://notcve.org/view.php?id=CVE-2024-34089
06 May 2024 — An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release. Se descubrió un... • https://archerirm.com •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34091
https://notcve.org/view.php?id=CVE-2024-34091
06 May 2024 — An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release. Se descub... • https://archerirm.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26310
https://notcve.org/view.php?id=CVE-2024-26310
21 Feb 2024 — Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges. Archer Platform 6.8 anterior a 6.14 P2 (6.14.0.2) contiene una vulnerabilidad de control de acceso inadecuado. Un usuario malicioso autenticado remotamente podría explotar esto para obtener acceso a información de API a la que solo debería ser accesible con ... • https://archerirm.com • CWE-284: Improper Access Control •