{"id":"CVE-2019-20008","details":"In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.","aliases":["PYSEC-2019-112"],"modified":"2026-04-11T21:01:48.800223Z","published":"2019-12-26T23:15:11.303Z","references":[{"type":"ADVISORY","url":"https://github.com/archerysec/archerysec/compare/archerysec-v1.2...v1.3"},{"type":"ADVISORY","url":"https://github.com/archerysec/archerysec/releases/tag/v1.3"},{"type":"REPORT","url":"https://github.com/archerysec/archerysec/issues/338"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/archerysec/archerysec","events":[{"introduced":"0"},{"fixed":"42fdfed6973bcfb0d8758645568e31382df625dc"}],"database_specific":{"cpe":"cpe:2.3:a:archerysec:archery:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.3"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["ARCHERY-v1.0-beta","archerysec-v1.2","v1.0","v1.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20008.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}