Lucene search

MitreCVE-2020-25470

HistoryOct 26, 2020 - 2:15 p.m.

CVE-2020-25470

2020-10-2614:15:13

CWE-79

mitre

web.nvd.nist.gov

antsword

2.1.8.1

xss vulnerability

view site

remote code execution

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

48.1%

JSON

AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.

Affected configurations

Nvd

Node

antsword_projectantswordMatch2.1.8.1

VendorProductVersionCPE
antsword_projectantsword2.1.8.1cpe:2.3:a:antsword_project:antsword:2.1.8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
antsword_project	antsword	2.1.8.1	cpe:2.3:a:antsword_project:antsword:2.1.8.1:::::::*

References

github.com/AntSwordProject/antSword/issues/256

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

48.1%

JSON

Related for CVE-2020-25470