CVE-2020-25470

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-25470
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25470.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25470
Published
2020-10-26T14:15:13.137Z
Modified
2026-04-10T04:25:10.120976Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.

References

Affected packages

Git / github.com/antswordproject/antsword

Affected ranges

Type
GIT
Repo
https://github.com/antswordproject/antsword
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a273062b0c873169bd2d25a7583c0bc15249ffdb
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.8.1"
        }
    ]
}

Affected versions

1.*
1.0.0
1.1.2
1.2.1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.7.1
2.0.7.2
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.8.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25470.json"