CVE-2019-20008

Sažetak

In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.

Reference

https://github.com/archerysec/archerysec/compare/archerysec-v1.2...v1.3
https://github.com/archerysec/archerysec/issues/338
https://github.com/archerysec/archerysec/releases/tag/v1.3

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

02-01-2020 - 14:27

Objavljeno

26-12-2019 - 23:15