MidnightBSD

Advisories for antsword_project

CVE-2019-13970 MEDIUM

In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

| Vendor | Product | Version |
|---|---|---|
| antsword_project | antsword | * |

CVE-2020-18766 MEDIUM

A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can remotely execute system commands.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 2.8 | 6.0 |

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

| Vendor | Product | Version |
|---|---|---|
| antsword_project | antsword | 2.0.7 |

CVE-2020-25470 MEDIUM

AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in the cookies view, which can lead to remote code execution.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

| Vendor | Product | Version |
|---|---|---|
| antsword_project | antsword | 2.1.8.1 |