Antsword CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-43892	1 Antsword Project	1 Antsword	2026-05-12	8.8 High
AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.
CVE-2020-25470	1 Antsword Project	1 Antsword	2024-11-21	6.1 Medium
AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.
CVE-2020-18766	1 Antsword Project	1 Antsword	2024-11-21	9.6 Critical
A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands.
CVE-2019-13970	1 Antsword Project	1 Antsword	2024-11-21	N/A
In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.

Page 1 of 1.