CVE-2023-48642

Summary

CVE-2023-48642 is a vulnerability found in Archer Platform 6.x before 6.13 P2 (6.13.0.2) and 6.14 (6.14.0). It is an authenticated HTML content injection vulnerability that could be exploited by a remote authenticated malicious Archer user to store malicious HTML code in a trusted application data store. When unsuspecting users access the data store through their browsers, the malicious code gets executed in the context of the vulnerable application. The affected products include tHubPz, tHubP2, m9mErV, m9mErX, tHubP0, tHubP1, m9mErW, tza3dJ, t9y8aW, t9y8aX, sMgdVz, sMgdV0, and sMgdV1. The vulnerability has a base severity rating of MEDIUM with a CVSS score of 5.4 out of 10 and an exploitability score of 2.3 out of 10 according to [email protected]. The potential danger lies in the ability for attackers to inject and execute malicious code within the vulnerable application's context, posing risks to confidentiality and integrity of data. Note: The provided text is incomplete as it lacks some necessary information for a comprehensive report analysis such as remediation steps or additional details about the CWE-79 classification mentioned in the "cwe_id" field.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.