2 matches found
CVE-2022-34914
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...
CVE-2022-34914
CVE-2022-34914 affects Webswing prior to 22.1.3. The issue arises from X-Forwarded-For header injection into the clientIp configuration variable, allowing a client to substitute startup arguments by manipulating the header, and injecting multiple arguments into the session startup. Systems that d...