Archery
CVE-2019-20008
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page.
AnalysisAI
In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. Affected products include: Archerysec Archery. Version information: before 1.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_ti
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the crea
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/app
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today