VYPR
Vendor

spotweb

Products
1
CVEs
10
Across products
10
Status
Private

Products

1

Recent CVEs

10
  • CVE-2021-3286CriJan 26, 2021
    risk 0.64cvss 9.8epss 0.01

    SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.

  • CVE-2020-35545CriDec 17, 2020
    risk 0.64cvss 9.8epss 0.04

    Time-based SQL injection exists in Spotweb 1.4.9 via the query string.

  • CVE-2021-40973MedOct 1, 2021
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.

  • CVE-2021-40972MedOct 1, 2021
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.

  • CVE-2021-40971MedOct 1, 2021
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.

  • CVE-2021-40970MedOct 1, 2021
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.

  • CVE-2021-40969MedOct 1, 2021
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.

  • CVE-2021-40968MedOct 1, 2021
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.

  • CVE-2021-33966MedJan 21, 2022
    risk 0.35cvss 5.4epss 0.01

    Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.

  • CVE-2021-43725MedMar 28, 2022
    risk 0.00cvss 6.1epss 0.03

    There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.