cvedb.io
CVE-2024-41706
HIGH · CVSS 7.3
EPSS exploitation probability: 0%
Published 2024-07-25T08:15:02.783 · Last modified 2026-06-17T07:48:05.330

Summary

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P4 (6.14.0.4) is also a fixed release.

Affected products

archerirm — archer

Does this affect you?

Add your gear to cvedb and we'll alert you only when archerirm ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.