CVE-2023-48642

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 12, 2023
Updated: Dec 14, 2023
CWE ID 79

Summary

CVE-2023-48642 is a vulnerability found in Archer Platform 6.x before 6.13 P2 (6.13.0.2) and 6.14 (6.14.0). It is an authenticated HTML content injection vulnerability that could be exploited by a remote authenticated malicious Archer user to store malicious HTML code in a trusted application data store. When unsuspecting users access the data store through their browsers, the malicious code gets executed in the context of the vulnerable application. The affected products include tHubPz, tHubP2, m9mErV, m9mErX, tHubP0, tHubP1, m9mErW, tza3dJ, t9y8aW, t9y8aX, sMgdVz, sMgdV0, and sMgdV1. The vulnerability has a base severity rating of MEDIUM with a CVSS score of 5.4 out of 10 and an exploitability score of 2.3 out of 10 according to [email protected]. The potential danger lies in the ability for attackers to inject and execute malicious code within the vulnerable application's context, posing risks to confidentiality and integrity of data. Note: The provided text is incomplete as it lacks some necessary information for a comprehensive report analysis such as remediation steps or additional details about the CWE-79 classification mentioned in the "cwe_id" field.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-48642 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options