AntSword
1-4 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43892 | | High | 0.50 | 8.8 | 0.00 | | May 12, 2026 | AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16. |
| CVE-2021-41172 | | | 0.00 | — | 0.00 | | Oct 26, 2021 | AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code… |
| CVE-2020-18766 | | | 0.00 | — | 0.00 | | Oct 26, 2020 | A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can remotely execute system commands. |
| CVE-2020-25470 | | | 0.00 | — | 0.01 | | Oct 26, 2020 | AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution. |