Self-XSS in AS_Redis

Low
Medicean published GHSA-j8j6-f829-w425 Oct 23, 2021

Package

AS_Redis (AntSword)

Affected versions

<0.5

Patched versions

0.5

Description

The Redis Manage plugin (versions < v0.5) for AntSword is vulnerable to Self-XSS due to insufficient input validation and sanitization via the Redis server configuration. Self-XSS in the plugin configuration leads to code execution.

Impact

Redis Manager Plugin Version < v0.5

Patches

Redis Manager Plugin Version >= v0.5

Discoverer

cc7v@校长

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2021-41172

Weaknesses