CVE-2017-8016

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
References
Link Resource
http://seclists.org/fulldisclosure/2017/Oct/12 Mailing List Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039518 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:emc:archer_grc_platform:*:*:*:*:*:*:*:*

Information

Published : 2017-10-11 12:29

Updated : 2017-11-03 10:19


NVD link : CVE-2017-8016

Mitre link : CVE-2017-8016


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

emc

  • archer_grc_platform