CVE-2017-14372

Medium

Description

RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.

References

http://www.securitytracker.com/id/1039518

http://www.securityfocus.com/bid/101195

http://seclists.org/fulldisclosure/2017/Oct/12

Details

Source: Mitre, NVD

Published: 2017-10-11

Updated: 2017-10-27

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium