Lucene search
K

118 matches found

Cvelist
Cvelist
added 2021/10/01 3:42 p.m.26 views

CVE-2021-40970

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter...

6.2AI score0.02204EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/10/01 3:42 p.m.26 views

CVE-2021-40969

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter...

6.2AI score0.02204EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/10/01 3:42 p.m.14 views

CVE-2021-40970

Removed by vendor...

6.1CVSS6.3AI score0.02204EPSS
Exploits1
Debian CVE
Debian CVE
added 2021/10/01 3:42 p.m.43 views

CVE-2021-40969

Removed by vendor...

6.1CVSS6.2AI score0.02204EPSS
Exploits1
CVE
CVE
added 2021/10/01 3:42 p.m.71 views

CVE-2021-40970

CVE-2021-40970 affectsSpotweb

6.1CVSS6AI score0.02204EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/10/01 3:42 p.m.76 views

CVE-2021-40969

CVE-2021-40969 affects Spotweb up to version 1.5.1, with a reflected XSS in templates/installer/step-004.inc.php via the firstname parameter. The Nuclei template confirms this as a reflected XSS risk in Spotweb

6.1CVSS6AI score0.02204EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/10/01 3:42 p.m.20 views

CVE-2021-40968

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter...

6.2AI score0.02204EPSS
Exploits1References2
CVE
CVE
added 2021/10/01 3:42 p.m.66 views

CVE-2021-40968

CVE-2021-40968 affects Spotweb 1.5.1 and earlier, with a cross-site scripting (XSS) flaw in templates/installer/step-004.inc.php that allows injecting arbitrary JavaScript/HTML via the newpassword2 parameter. Exploitation details are not provided in the documents; impact is browser-side code exec...

6.1CVSS6AI score0.02204EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.9 views

spotweb 跨站脚本漏洞

Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team. 1.5.1 and previous versions of Spotweb have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

6.1CVSS5.6AI score0.02204EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.7 views

spotweb 跨站脚本漏洞

Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team.A cross-site scripting vulnerability exists in Spotweb 1.5.1 and below, which can be exploited by remote attackers to inject arbitrary Web scripts or HTML via the newpassword2 parameter...

6.1CVSS5.5AI score0.02204EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.4 views

spotweb 跨站脚本漏洞

Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team. 1.5.1 and previous versions of Spotweb have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

6.1CVSS5.6AI score0.02214EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.5 views

spotweb 跨站脚本漏洞

Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team. 1.5.1 and previous versions of Spotweb have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

6.1CVSS5.6AI score0.02204EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.5 views

spotweb 跨站脚本漏洞

Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team. 1.5.1 and previous versions of Spotweb have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

6.1CVSS5.6AI score0.02214EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.3 views

spotweb 跨站脚本漏洞

Spotweb is a Php-based Soptnet client that follows the Spotnet protocol from the Spotweb team. 1.5.1 and previous versions of Spotweb have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

6.1CVSS5.6AI score0.02204EPSS
Exploits1References1
0day.today
0day.today
added 2021/05/21 12:0 a.m.20 views

Spotweb 1.4.9 - DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import time import os, sy...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.190 views

Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)

Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Date: 05.20.2021 Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/20 12:0 a.m.142 views

Spotweb-Develop 1.4.9 Cross Site Scripting

Exploit Title: Cross Site Scripting DOM Based spotweb-develop 1.4.9 Author: @nu11secur1ty Testing and Debugging: nu11secur1ty $ OWASP-ZAP Date: 05.20.2021 Vendor: https://www.nzbserver.com/ Link: https://github.com/spotweb/spotweb CVE: 2021-XXXX Proof: https://streamable.com/hix5o1 + Exploit...

7.4AI score
Exploits0
NVD
NVD
added 2021/01/26 6:16 p.m.15 views

CVE-2021-3286

SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545...

9.8CVSS10AI score0.01035EPSS
Exploits0References1
OSV
OSV
added 2021/01/26 6:16 p.m.20 views

CVE-2021-3286

SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545...

9.8CVSS7.8AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/01/26 6:16 p.m.22 views

CVE-2021-3286

SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545...

9.8CVSS7.2AI score0.01035EPSS
Exploits0References2
Rows per page
Query Builder