PYSEC-2019-112

2019-12-2623:15:00

Google

osv.dev

0.001 Low

EPSS

Percentile

26.4%

JSON

In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.

CPENameOperatorVersion
pyarcheryeq0.3
pyarcheryeq0.2
pyarcheryeq1.0
pyarcheryeq1.2.0
pyarcheryeq1.1.0
pyarcheryeq0.1

Name	Operator	Version
pyarchery	eq	0.3
pyarchery	eq	0.2
pyarchery	eq	1.0
pyarchery	eq	1.2.0
pyarchery	eq	1.1.0
pyarchery	eq	0.1

References

github.com/archerysec/archerysec/compare/archerysec-v1.2...v1.3

github.com/archerysec/archerysec/issues/338

github.com/archerysec/archerysec/releases/tag/v1.3

0.001 Low

EPSS

Percentile

26.4%

JSON

Related for OSV:PYSEC-2019-112