CVE-2020-11103

moderate-risk
Published 2020-12-30

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.

Do I need to act?

~
1.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Webswing
Webswing

Affected Vendors

Webswing

References (4)

Issue Tracking https://bitbucket.org/meszarv/webswing/issues/375/webswing-jslink-mechanism-remo...
Release Notes https://www.webswing.org/docs/2.6/discover/release_notes.html#release-notes-2-6-...
Issue Tracking https://bitbucket.org/meszarv/webswing/issues/375/webswing-jslink-mechanism-remo...
Release Notes https://www.webswing.org/docs/2.6/discover/release_notes.html#release-notes-2-6-...
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 4/34 · Minimal
Exposure 7/34 · Low