Spotweb CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-43725	1 Spotweb Project	1 Spotweb	2024-11-21	6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
CVE-2021-40973	1 Spotweb Project	1 Spotweb	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.
CVE-2021-40972	1 Spotweb Project	1 Spotweb	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.
CVE-2021-40971	1 Spotweb Project	1 Spotweb	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.
CVE-2021-40970	1 Spotweb Project	1 Spotweb	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2021-40969	1 Spotweb Project	1 Spotweb	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.
CVE-2021-40968	1 Spotweb Project	1 Spotweb	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
CVE-2021-3286	1 Spotweb Project	1 Spotweb	2024-11-21	9.8 Critical
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
CVE-2021-33966	1 Spotweb Project	1 Spotweb	2024-11-21	5.4 Medium
Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.
CVE-2020-35545	1 Spotweb Project	1 Spotweb	2024-11-21	9.8 Critical
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.

Page 1 of 1.