spotweb
Products
1- 10 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3286 | Cri | 0.64 | 9.8 | 0.01 | Jan 26, 2021 | SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. | ||
| CVE-2020-35545 | Cri | 0.64 | 9.8 | 0.04 | Dec 17, 2020 | Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | ||
| CVE-2021-40973 | Med | 0.40 | 6.1 | 0.02 | Oct 1, 2021 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. | ||
| CVE-2021-40972 | Med | 0.40 | 6.1 | 0.02 | Oct 1, 2021 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. | ||
| CVE-2021-40971 | Med | 0.40 | 6.1 | 0.02 | Oct 1, 2021 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. | ||
| CVE-2021-40970 | Med | 0.40 | 6.1 | 0.02 | Oct 1, 2021 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. | ||
| CVE-2021-40969 | Med | 0.40 | 6.1 | 0.02 | Oct 1, 2021 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. | ||
| CVE-2021-40968 | Med | 0.40 | 6.1 | 0.02 | Oct 1, 2021 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | ||
| CVE-2021-33966 | Med | 0.35 | 5.4 | 0.01 | Jan 21, 2022 | Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page. | ||
| CVE-2021-43725 | Med | 0.00 | 6.1 | 0.03 | Mar 28, 2022 | There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. |
- risk 0.64cvss 9.8epss 0.01
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
- risk 0.64cvss 9.8epss 0.04
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.
- risk 0.40cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.
- risk 0.40cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.
- risk 0.40cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.
- risk 0.40cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.
- risk 0.40cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.
- risk 0.40cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
- risk 0.35cvss 5.4epss 0.01
Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.
- risk 0.00cvss 6.1epss 0.03
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.