10 matches found
CVE-2021-43725
CVE-2021-43725 refers to a reflected XSS in Spotweb (Spotweb
CVE-2020-35545
CVE-2020-35545 is a time-based SQL injection affecting Spotweb 1.4.9 via the query string. Exploitation is possible remotely over the network with no authentication, and the CVSSv3.1 score is 9.8 (CRITICAL). The provided documents do not include a confirmed patch or remediation guidance; exploita...
CVE-2021-40969
CVE-2021-40969 affects Spotweb up to version 1.5.1, with a reflected XSS in templates/installer/step-004.inc.php via the firstname parameter. The Nuclei template confirms this as a reflected XSS risk in Spotweb
CVE-2021-40972
Spotweb
CVE-2021-40970
CVE-2021-40970 affectsSpotweb
CVE-2021-40968
CVE-2021-40968 affects Spotweb 1.5.1 and earlier, with a cross-site scripting (XSS) flaw in templates/installer/step-004.inc.php that allows injecting arbitrary JavaScript/HTML via the newpassword2 parameter. Exploitation details are not provided in the documents; impact is browser-side code exec...
CVE-2021-40971
Spotweb
CVE-2021-40973
Spotweb
CVE-2021-33966
Spotweb 1.4.9 contains a Cross-Site Scripting (XSS) vulnerability that allows authenticated attackers to execute arbitrary code via a crafted GET request to the login page. The issue is documented across multiple feeds (NVD entry CVE-2021-33966 and related sources) with a confirmed XSS vector on ...
CVE-2021-3286
The CVE-2021-3286 entry concerns Spotweb 1.4.9, where SQL injection exists because the notAllowedCommands protection is inadequate, allowing variations of the payload. The issue is linked to an incomplete fix for CVE-2020-35545 and is described across multiple sources (e.g., CNVD/OSV) as a time-b...