AntSword RCE and XSS via code injection

2022-05-2416:50:44

Google

osv.dev

0.002 Low

EPSS

Percentile

53.2%

JSON

In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.

CPENameOperatorVersion
antswordlt2.1.0

CPE	Name	Operator	Version
	antsword	lt	2.1.0

References

github.com/AntSwordProject/antSword

github.com/AntSwordProject/antSword/commit/4b932e81447b4b0475f4fce45525547395c249d3

github.com/AntSwordProject/antSword/compare/ed01dea...834063a

github.com/AntSwordProject/antSword/issues/151

nvd.nist.gov/vuln/detail/CVE-2019-13970

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for OSV:GHSA-HQ75-GGC3-8H3Q