Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43725 | 1 Spotweb Project | 1 Spotweb | 2022-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. | |||||
| CVE-2021-33966 | 1 Spotweb Project | 1 Spotweb | 2022-01-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page. | |||||
| CVE-2021-40971 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. | |||||
| CVE-2021-40973 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. | |||||
| CVE-2021-40972 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. | |||||
| CVE-2021-40968 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | |||||
| CVE-2021-40970 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2021-40969 | 1 Spotweb Project | 1 Spotweb | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. | |||||
| CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2021-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. | |||||
| CVE-2020-35545 | 1 Spotweb Project | 1 Spotweb | 2020-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | |||||