5 matches found
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. id: CVE-2021-40968 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat...
CVE-2021-40968
creationtimestamp| type| source ---|---|--- 2021-10-01 20:15:29+00:00| seen| https://t.me/cibsecurity/29818 2023-06-05 12:33:16+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-40968.yaml...
CVE-2021-40968
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter...
CVE-2021-40968
CVE-2021-40968 affects Spotweb 1.5.1 and earlier, with a cross-site scripting (XSS) flaw in templates/installer/step-004.inc.php that allows injecting arbitrary JavaScript/HTML via the newpassword2 parameter. Exploitation details are not provided in the documents; impact is browser-side code exec...
CVE-2021-40968
Removed by vendor...