Spotweb@1.4.9 Security Vulnerabilities and Issues — Spotweb@1.4.9 CVE List

Lucene search

Spotweb ProjectSpotweb1.4.9

3 matches found

CVE•added 2020/12/17 8:15 p.m.•55 views

CVE-2020-35545

Time-based SQL injection exists in Spotweb 1.4.9 via the query string.

9.8CVSS9.7AI score0.11EPSS

CVE•added 2021/01/26 6:16 p.m.•34 views

CVE-2021-3286

SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.

9.8CVSS9.8AI score0.11EPSS

CVE•added 2022/01/21 7:15 p.m.•33 views

CVE-2021-33966

Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.

5.4CVSS5.4AI score0.00314EPSS