Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team.A cross-site scripting vulnerability exists in Spotweb 1.5.1 and below, which can be exploited by remote attackers to inject arbitrary Web scripts or HTML via the newpassword2 parameter.