Webswing Security Vulnerabilities and Issues — Webswing CVE List

Lucene search

WebswingWebswing

3 matches found

CVE•added 2020/12/30 9:15 p.m.•55 views

CVE-2020-11103

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.

9.8CVSS9.7AI score0.01322EPSS

CVE•added 2022/07/08 7:15 p.m.•52 views

CVE-2022-34914

Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...

9.8CVSS9.3AI score0.00895EPSS

CVE•added 2024/10/31 7:15 p.m.•37 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server.

9.8CVSS7.9AI score0.02538EPSS