CVE-2024-41705

7.1 HIGH

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in Archer Platform allows authenticated attackers to inject malicious scripts into application data stores. When other users access these stores through their browsers, the scripts execute within the vulnerable application's context. Affected versions are those before the patched releases listed below.

💻 Affected Systems

Products:
  • Archer Platform
Versions: before 6.14.0.4, 6.13.0.4, and 2024.06
Operating Systems: All supported OS for Archer Platform
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; similar to CVE-2023-30639 but not identical.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as victims, redirect to malicious sites, or compromise user accounts and sensitive data.

🟠 Likely Case

Session hijacking, credential theft, or unauthorized actions performed in victims' sessions.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and content security policies in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access; stored XSS typically has low complexity once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.14.0.4, 6.13.0.4, or 2024.06

Vendor Advisory: https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/739717

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Archer support.
2. Apply the patch following Archer's upgrade documentation.
3. Restart Archer services.
4. Verify the update was successful.

🔧 Temporary Workarounds

Input Validation and Output Encoding

Applies to: all

Implement server-side input validation and output encoding for user-supplied data in Archer customizations.

Content Security Policy

Applies to: all

Deploy a strict Content Security Policy to mitigate XSS impact.

🧯 If You Can't Patch

  • Restrict user permissions to minimize who can inject content.
  • Monitor application logs for suspicious HTML/JavaScript injection attempts.

🔍 How to Verify

Check if Vulnerable:

Check Archer Platform version via Archer Admin Console or version files.

Check Version:

Check Archer Admin Console or consult Archer documentation for version verification commands.

Verify Fix Applied:

Confirm the installed version is 6.14.0.4, 6.13.0.4, 2024.06, or later.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTML or JavaScript in user input logs
  • Multiple failed login attempts followed by successful ones

Network Indicators:

  • Unexpected outbound connections from Archer servers
  • Suspicious payloads in HTTP requests

SIEM Query:

source="archer_logs" AND (message="*script*" OR message="*javascript*" OR message="*onerror*" OR message="*onload*")
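To show what the query above actually catches, here is an added Python check (not part of this advisory or of any Archer tooling) that runs the same four wildcard terms over constructed sample log lines, then a tightened version that decodes URL and HTML-entity encoding first and only matches markup-shaped occurrences. The log format and field names are assumptions.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample log lines (not real Archer output); the format is assumed.
SAMPLE_LOGS = [
    "2024-07-01T10:00:00Z user=alice action=save field=description value=Budget approved",
    "2024-07-01T10:01:00Z user=bob action=save field=title value=Q3 review of JavaScript policy",
    "2024-07-01T10:02:00Z user=eve action=save field=notes value=&lt;&#115;cript&gt;",
    "2024-07-01T10:03:00Z user=eve action=save field=notes value=&lt;img onerror=1&gt;",
]

# The four wildcard terms from the SIEM query above.
NAIVE_TERMS = ("script", "javascript", "onerror", "onload")

# Tighter patterns: the same terms, but only in the position injected markup needs
# (a script tag, a javascript: URL, or an event-handler attribute).
REFINED = re.compile(r"<\s*script|javascript\s*:|\bon(?:error|load)\s*=", re.IGNORECASE)


def naive_hits(lines):
    """Literal equivalent of the SIEM query: case-insensitive substring match."""
    return [i for i, line in enumerate(lines, 1)
            if any(term in line.lower() for term in NAIVE_TERMS)]


def decode(text):
    """Undo URL and HTML-entity encoding, twice, to catch double-encoded values."""
    for _ in range(2):
        text = html.unescape(unquote(text))
    return text


def refined_hits(lines):
    """Decode each line first, then require a markup-shaped match."""
    return [i for i, line in enumerate(lines, 1) if REFINED.search(decode(line))]


if __name__ == "__main__":
    print("naive  :", naive_hits(SAMPLE_LOGS))    # flags 'description' and 'JavaScript policy'
    print("refined:", refined_hits(SAMPLE_LOGS))  # catches the entity-encoded script tag
```

The plain substring version flags the field name `description` and the word "JavaScript" as hits while missing the entity-encoded `<script>` tag, so tune the patterns to your own log schema before relying on the query.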
