RSS   Podatności dla 'Spotweb'   RSS

2022-03-28
 
CVE-2021-43725

CWE-79
 

 
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.

 
2022-01-21
 
CVE-2021-33966

CWE-79
 

 
Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.

 
2021-10-01
 
CVE-2021-40968

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.

 
 
CVE-2021-40969

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.

 
 
CVE-2021-40970

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.

 
 
CVE-2021-40971

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.

 
 
CVE-2021-40972

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.

 
 
CVE-2021-40973

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.

 
2021-01-26
 
CVE-2021-3286

CWE-89
 

 
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.

 
2020-12-17
 
CVE-2020-35545

CWE-89
 

 
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.

 


Copyright 2024, cxsecurity.com

 

Back to Top