Aggregates CVE and security vulnerability intelligence across all antsword_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-18766 | A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands. | [email protected] | 9.6 | 0.44% | 2020-10-26 | 2024-11-21 |
| CVE-2020-25470 | AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution. | [email protected] | 6.1 | 0.50% | 2020-10-26 | 2024-11-21 |
| CVE-2019-13970 | In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js. | [email protected] | 6.1 | 0.51% | 2019-07-19 | 2024-11-21 |