PT-2019-13499 · Antsword · Antsword

Miaochiahao

Publicado

2019-07-19

Atualizado

2022-05-24

CVE-2019-13970

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions antSword versions prior to 2.1.0

Description The issue is related to self-XSS in the database configuration, which can lead to code execution. This is possible via files such as modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.

Recommendations For versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the database configuration to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-13970

GHSA-HQ75-GGC3-8H3Q

Produtos afetados

Antsword

PT-2019-13499 · Antsword · Antsword

CVE-2019-13970

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7