Описание
In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.
Ссылки
- Release NotesThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3 (исключая)
cpe:2.3:a:archerysec:archery:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.0036
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.
EPSS
Процентиль: 58%
0.0036
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79