RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Oct/12 | Mailing List Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039518 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-10-11 12:29
Updated : 2017-11-03 10:19
NVD link : CVE-2017-8016
Mitre link : CVE-2017-8016
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
emc
- archer_grc_platform