RSS   Vulnerabilities for 'Antsword'   RSS

2020-10-26
 
CVE-2020-18766

CWE-79
 

 
A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands.

 
 
CVE-2020-25470

CWE-79
 

 
AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.

 
2019-07-19
 
CVE-2019-13970

CWE-79
 

 
In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.

 


Copyright 2021, cxsecurity.com

 

Back to Top