AntSwordProject/antSword

AntSwordProject/antSword

Releases36

Frequency3 months 2 weeks

Last Release about 1 month ago

Stars4.59K

中国蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-43892 ↗	May 12, 2026Tuesday, 12 May 2026, 18:17	8.8 HIGH	—
AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.
CVE-2020-18766 ↗	Oct 26, 2020Monday, 26 October 2020, 16:15	9.6 CRITICAL	6.8 MEDIUM
A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands.
CVE-2020-25470 ↗	Oct 26, 2020Monday, 26 October 2020, 14:15	6.1 MEDIUM	4.3 MEDIUM
AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.
CVE-2019-13970 ↗	Jul 19, 2019Friday, 19 July 2019, 06:15	—	4.3 MEDIUM
In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.