PT-2024-28453 · Webswing · Webswing

Ehud Cseresnyes +1 · Published 2024-10-31 · Updated 2025-07-10 · CVE-2024-39332

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Webswing version 23.2.2

Description

By modifying client-side JavaScript code, remote attackers can achieve path traversal, which can likely lead to remote code execution via modification of shell scripts on the server.

Recommendations

For Webswing version 23.2.2, consider disabling the modification of client-side JavaScript code as a temporary workaround until a patch is available. Restrict access to shell scripts on the server to minimize the risk of exploitation.

Exploit

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-39332

Affected Products

Webswing