Lucene search
K
Spotweb ProjectSpotweb

10 matches found

CVE
CVE
added 2022/03/28 12:52 p.m.107 views

CVE-2021-43725

CVE-2021-43725 refers to a reflected XSS in Spotweb (Spotweb

6.1CVSS5.9AI score0.02583EPSS
CVE
CVE
added 2020/12/17 7:46 p.m.78 views

CVE-2020-35545

CVE-2020-35545 is a time-based SQL injection affecting Spotweb 1.4.9 via the query string. Exploitation is possible remotely over the network with no authentication, and the CVSSv3.1 score is 9.8 (CRITICAL). The provided documents do not include a confirmed patch or remediation guidance; exploita...

9.8CVSS9.7AI score0.03803EPSS
Web
CVE
CVE
added 2021/10/01 3:42 p.m.76 views

CVE-2021-40969

CVE-2021-40969 affects Spotweb up to version 1.5.1, with a reflected XSS in templates/installer/step-004.inc.php via the firstname parameter. The Nuclei template confirms this as a reflected XSS risk in Spotweb

6.1CVSS6AI score0.02204EPSS
Web
CVE
CVE
added 2021/10/01 3:42 p.m.74 views

CVE-2021-40972

Spotweb

6.1CVSS6AI score0.02214EPSS
Web
CVE
CVE
added 2021/10/01 3:42 p.m.71 views

CVE-2021-40970

CVE-2021-40970 affectsSpotweb

6.1CVSS6AI score0.02204EPSS
Web
CVE
CVE
added 2021/10/01 3:42 p.m.66 views

CVE-2021-40968

CVE-2021-40968 affects Spotweb 1.5.1 and earlier, with a cross-site scripting (XSS) flaw in templates/installer/step-004.inc.php that allows injecting arbitrary JavaScript/HTML via the newpassword2 parameter. Exploitation details are not provided in the documents; impact is browser-side code exec...

6.1CVSS6AI score0.02204EPSS
Web
CVE
CVE
added 2021/10/01 3:42 p.m.65 views

CVE-2021-40971

Spotweb

6.1CVSS6AI score0.02204EPSS
Web
CVE
CVE
added 2021/10/01 3:42 p.m.64 views

CVE-2021-40973

Spotweb

6.1CVSS6AI score0.02214EPSS
Web
CVE
CVE
added 2022/01/21 6:55 p.m.49 views

CVE-2021-33966

Spotweb 1.4.9 contains a Cross-Site Scripting (XSS) vulnerability that allows authenticated attackers to execute arbitrary code via a crafted GET request to the login page. The issue is documented across multiple feeds (NVD entry CVE-2021-33966 and related sources) with a confirmed XSS vector on ...

5.4CVSS5.4AI score0.0088EPSS
CVE
CVE
added 2021/01/24 8:41 a.m.48 views

CVE-2021-3286

The CVE-2021-3286 entry concerns Spotweb 1.4.9, where SQL injection exists because the notAllowedCommands protection is inadequate, allowing variations of the payload. The issue is linked to an incomplete fix for CVE-2020-35545 and is described across multiple sources (e.g., CNVD/OSV) as a time-b...

9.8CVSS9.8AI score0.01035EPSS