In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.
CPE | Name | Operator | Version |
---|---|---|---|
archerysec | eq | 1.0 | |
archerysec | eq | archerysec-v1.2 | |
archerysec | eq | ARCHERY-v1.0-beta | |
archerysec | eq | 1.1 |