CVE-2019-13970: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.
References
Detect and mitigate CVE-2019-13970 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →