Archer

archer

Vendor: Archerirm • 28 CVEs

CVEs (28)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-45358 1Archerirm 1Archer Nov 21, 2024 Oct 17, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious...Show more Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release.Show less
CVE-2023-45357 1Archerirm 1Archer Nov 21, 2024 Oct 17, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning messag...Show more Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release.Show less
CVE-2023-37224 1Archerirm 1Archer Nov 21, 2024 Jul 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.
CVE-2023-37223 1Archerirm 1Archer Nov 21, 2024 Jul 14, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script.
CVE-2023-32761 1Archerirm 1Archer Nov 21, 2024 Jul 14, 2023 N/A· v4 8.0 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.
CVE-2023-32760 1Archerirm 1Archer Nov 21, 2024 Jul 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.
CVE-2023-32759 1Archerirm 1Archer Nov 21, 2024 Jul 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.
CVE-2023-30639 1Archerirm 1Archer Jan 30, 2025 May 1, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript cod...Show more Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed release.Show less

Previous 12