PT-2020-16090 · Antsword · Antsword

Leohearts

Published

2020-10-26

Updated

2020-10-28

CVE-2020-25470

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions AntSword version 2.1.8.1

Description The issue concerns a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in the cookies view, potentially leading to remote code execution.

Recommendations For AntSword version 2.1.8.1, consider disabling the View Site function until a patch is available to prevent potential exploitation. Restrict access to the cookies view to minimize the risk of XSS payload injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-25470

Affected Products

Antsword

PT-2020-16090 · Antsword · Antsword

CVE-2020-25470

Weakness Enumeration

Related Identifiers

Affected Products

References · 4