CVE-2023-45358

8.5 HIGH

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in Archer Platform allows authenticated attackers to inject malicious scripts into the application's data store. When other users view the stored data, their browsers execute the injected script in the context of the trusted Archer application. Affected: Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2); 6.14.0 is also a fixed release.

💻 Affected Systems

Products:
  • Archer Platform
Versions: 6.x before 6.13 P2 HF2 (6.13.0.2.2)
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: 6.14 (6.14.0) is also a fixed release. Requires authenticated user access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as victims, exfiltrate sensitive data, or deploy additional malware within the Archer environment.

🟠 Likely Case

Session hijacking, data theft, or unauthorized actions performed under victim user accounts.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and content security policies in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated user access. Stored XSS typically has low exploitation complexity once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.13 P2 HF2 (6.13.0.2.2) or 6.14.0

Vendor Advisory: https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617

Restart Required: Yes

Instructions:

1. Download the patch from the RSA Archer support portal.
2. Apply the patch following Archer upgrade procedures.
3. Restart Archer services.
4. Verify successful installation.

🔧 Temporary Workarounds

Input Validation Enhancement (applies to: all)

Implement additional input validation for user-supplied data in Archer forms and fields.

Content Security Policy (applies to: all)

Implement strict CSP headers to restrict script execution.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block XSS payloads
  • Restrict user permissions to minimize the attack surface and apply the principle of least privilege

🔍 How to Verify

Check if Vulnerable:

Check Archer Platform version via Archer Control Panel or administrative interface

Check Version:

Check Archer version in administrative console or via Archer API

Verify Fix Applied:

Verify version is 6.13.0.2.2 or higher, or 6.14.0 or higher

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTML/JavaScript patterns in user input logs
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • Suspicious outbound connections from Archer server following user interactions

SIEM Query:

source="archer_logs" AND (message="*<script>*" OR message="*javascript:*" OR message="*onerror=*" OR message="*onload=*")
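The SIEM query above matches four literal substrings. The following Python script is an added example (not from the original advisory or from Archer) that reproduces that query over constructed key="value" log lines and then extends it: the same four patterns are also checked against the URL-decoded, lower-cased message, which catches percent-encoded and mixed-case variants that a plain substring match as written would miss. The log format and field names are assumptions for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (not real Archer logs). The "message" field
# mirrors the field the advisory's SIEM query searches.
SAMPLE_LOGS = [
    'source="archer_logs" user="alice" message="Updated record 1042: review complete"',
    'source="archer_logs" user="bob" message="<script>alert(1)</script>"',
    'source="archer_logs" user="carol" message="<IMG SRC=x ONERROR=alert(1)>"',
    'source="archer_logs" user="dave" message="%3Cscript%3Ealert(1)%3C%2Fscript%3E"',
    'source="iis_logs" user="eve" message="<script>not an archer event</script>"',
]

# The four wildcard terms from the advisory's query, as plain substrings.
PATTERNS = ("<script>", "javascript:", "onerror=", "onload=")

# key="value" pairs; the value may contain backslash-escaped quotes.
FIELD_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def parse_log(line):
    """Turn one key="value" log line into a dict of its fields."""
    return dict(FIELD_RE.findall(line))


def matches_query(event, normalize=True):
    """Reproduce the advisory's query: source must be archer_logs and the
    message must contain one of the four patterns. With normalize=True the
    check is repeated on the URL-decoded, lower-cased message so that
    "%3Cscript%3E" and "ONERROR=" are also flagged."""
    if event.get("source") != "archer_logs":
        return False
    msg = event.get("message", "")
    candidates = [msg]
    if normalize:
        candidates.append(unquote(msg).lower())
    return any(p in c for p in PATTERNS for c in candidates)


def find_hits(lines, normalize=True):
    """Return the user field of every line that matches the query."""
    events = (parse_log(line) for line in lines)
    return [e["user"] for e in events if matches_query(e, normalize)]


if __name__ == "__main__":
    print("literal query:", find_hits(SAMPLE_LOGS, normalize=False))
    print("normalized:   ", find_hits(SAMPLE_LOGS))
```

Encoding-aware matching raises the false-positive rate on fields that legitimately carry HTML, so tune the rule per field rather than applying it to every message blindly.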
