{"api_version":"1","generated_at":"2026-04-23T00:38:49+00:00","cve":"CVE-2017-8016","urls":{"html":"https://cve.report/CVE-2017-8016","api":"https://cve.report/api/cve/CVE-2017-8016.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-8016","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-8016"},"summary":{"title":"CVE-2017-8016","description":"RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.","state":"PUBLIC","assigner":"security_alert@emc.com","published_at":"2017-10-11 19:29:00","updated_at":"2017-11-03 17:19:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2017/Oct/12","name":"http://seclists.org/fulldisclosure/2017/Oct/12","refsource":"CONFIRM","tags":["Mailing List","Third Party Advisory","VDB Entry"],"title":"Full Disclosure: ESA-2017-111: RSA ArcherĀ® GRC Platform Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1039518","name":"1039518","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"RSA Archer eGRC Multiple Bugs Let Remote Users Upload Files and Conduct Cross-Site Scripting Attacks and Let Remote Authenticated Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-8016","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8016","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"8016","vulnerable":"1","versionEndIncluding":"6.2.0.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"archer_grc_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security_alert@emc.com","ID":"CVE-2017-8016","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"RSA Archer GRC Platform versions prior to 6.2.0.5","version":{"version_data":[{"version_value":"RSA Archer GRC Platform versions prior to 6.2.0.5"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Stored Cross Site Scripting"}]}]},"references":{"reference_data":[{"name":"1039518","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039518"},{"name":"http://seclists.org/fulldisclosure/2017/Oct/12","refsource":"CONFIRM","url":"http://seclists.org/fulldisclosure/2017/Oct/12"}]}},"nvd":{"publishedDate":"2017-10-11 19:29:00","lastModifiedDate":"2017-11-03 17:19:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:archer_grc_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"6.2.0.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"8016","Ordinal":"104903","Title":"CVE-2017-8016","CVE":"CVE-2017-8016","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"8016","Ordinal":"1","NoteData":"RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"8016","Ordinal":"2","NoteData":"2017-10-11","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"8016","Ordinal":"3","NoteData":"2017-10-12","Type":"Other","Title":"Modified"}]}}}