Antsword Project: >> Antsword Security Vulnerabilities
A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands.
CVSS Score
9.6
EPSS Score
0.004
Published
2020-10-26
AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-10-26
In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-07-19