Skip to main content

Webswing

3 CVEs product

Monthly

CVE-2024-39332 CRITICAL POC Act Now

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Webswing
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-34914 CRITICAL Act Now

Webswing before 22.1.3 allows X-Forwarded-For header injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Webswing
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-11103 CRITICAL Act Now

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webswing
NVD
CVSS 3.1
9.8
EPSS
2.7%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Webswing
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Webswing before 22.1.3 allows X-Forwarded-For header injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Webswing
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webswing
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy