CVE-2019-20008

Name of the Vulnerable Software and Affected Versions Archery versions prior to 1.3

Description The issue allows for stored XSS on the vulnerability-scan scheduling page when an XSS payload is inserted into a project name. This can occur either by creating a new project or editing an existing one.

Recommendations For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create or edit project names to minimize the risk of exploitation.