RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26884
Reference (s):
- https://community.rsa.com/docs/DOC-114997