Stored XSS Vulnerability in Archery 1.3 and Earlier Versions

Stored XSS Vulnerability in Archery 1.3 and Earlier Versions

CVE-2019-20008 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.

Learn more about our Web Application Penetration Testing UK.