CVE-2019-20008 – pyarchery

Package

Manager: pip
Name: pyarchery
Vulnerable Version: =0.1 || =0.2 || =0.3 || =1.0 || =1.1.0 || =1.2.0 || >=0 <1.3.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0036 pctl0.57399

Details

In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.

Metadata

Created: 2019-12-26T23:15:00Z
Modified: 2023-11-08T04:01:30.020778Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F425
Auto approve: 1