Vulnerability Details CVE-2019-20008
In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 50.3%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/archerysec/archerysec/compare/archerysec-v1.2...v1.3
- https://github.com/archerysec/archerysec/issues/338
- https://github.com/archerysec/archerysec/releases/tag/v1.3
- https://github.com/archerysec/archerysec/compare/archerysec-v1.2...v1.3
- https://github.com/archerysec/archerysec/issues/338
- https://github.com/archerysec/archerysec/releases/tag/v1.3
Products affected by CVE-2019-20008
-
cpe:2.3:a:archerysec:archery:1.0
-
cpe:2.3:a:archerysec:archery:1.1
-
cpe:2.3:a:archerysec:archery:1.2