VYPR

Webswing

by Webswing

CVEs (3)

  • CVE-2024-39332CriOct 31, 2024
    risk 0.64cvss 9.8epss 0.01

    Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server.

  • CVE-2022-34914CriJul 8, 2022
    risk 0.64cvss 9.8epss 0.01

    Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to…

  • CVE-2020-11103CriDec 30, 2020
    risk 0.64cvss 9.8epss 0.03

    JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.