Medium severity6.1NVD Advisory· Published Oct 1, 2021· Updated Jun 17, 2026
CVE-2021-40968
CVE-2021-40968
Description
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- spotweb/spotwebdescription
Patches
Vulnerability mechanics
References
1- github.com/spotweb/spotweb/issues/711nvdExploitIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.