Vulcan

**Name of the Vulnerable Software and Affected Versions** Archery versions prior to 1.3 **Description** The issue allows for stored XSS on the vulnerability-scan scheduling page when an XSS payload is inserted into a project name. This can occur either by creating a new project or editing an existing one. **Recommendations** For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create or edit project names to minimize the risk of exploitation.