CVE-2024-26311 MEDIUM

CVE-2024-26311

Vendor N/A
Product n/a
Published February 21, 2024
Last update August 27, 2025

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:R

What the vulnerability does

01Description

Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.

Key dates

02Disclosure timeline

February 21, 2024 CVE published
August 27, 2025 Record updated