{"id":"PYSEC-2019-112","details":"In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.","aliases":["CVE-2019-20008"],"modified":"2023-11-01T04:50:51.141802Z","published":"2019-12-26T23:15:00Z","references":[{"type":"REPORT","url":"https://github.com/archerysec/archerysec/issues/338"},{"type":"WEB","url":"https://github.com/archerysec/archerysec/compare/archerysec-v1.2...v1.3"},{"type":"WEB","url":"https://github.com/archerysec/archerysec/releases/tag/v1.3"}],"affected":[{"package":{"name":"pyarchery","ecosystem":"PyPI","purl":"pkg:pypi/pyarchery"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0"}]}],"versions":["0.1","0.2","0.3","1.0","1.1.0","1.2.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pyarchery/PYSEC-2019-112.yaml"}}],"schema_version":"1.7.3"}