RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Object Model (DOM) based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.
Metrics
CVSS Version: 3.1 |
Base Score: 8.2 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L