VYPR
Vendor

Webswing

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2024-39332CriOct 31, 2024
    risk 0.64cvss 9.8epss 0.01

    Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server.

  • CVE-2022-34914CriJul 8, 2022
    risk 0.64cvss 9.8epss 0.01

    Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to…

  • CVE-2020-11103CriDec 30, 2020
    risk 0.64cvss 9.8epss 0.03

    JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.