Spotweb Project Spotweb vulnerabilities
10 known vulnerabilities affecting spotweb_project/spotweb.
Total CVEs: 10
CISA KEV: 0
Public exploits: 8
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 8
Vulnerabilities
CVE-2020-35545 | P2 | CRITICAL | CVSS 9.8 | PoC | v1.4.9 | 2020-12-17
CWE-89: Time-based SQL injection exists in Spotweb 1.4.9 via the query string.
Source: nvd
CVE-2021-43725 | P4 | MEDIUM | CVSS 6.1 | PoC | ≤ 1.5.1 | 2022-03-28
CWE-79: There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
Source: nvd
CVE-2021-40973 | P4 | MEDIUM | CVSS 6.1 | PoC | ≤ 1.5.1 | 2021-10-01
CWE-79: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in Spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.
Source: nvd
CVE-2021-40969 | P4 | MEDIUM | CVSS 6.1 | PoC | ≤ 1.5.1 | 2021-10-01
CWE-79: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in Spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the firstname parameter.
Source: nvd
CVE-2021-40971 | P4 | MEDIUM | CVSS 6.1 | PoC | ≤ 1.5.1 | 2021-10-01
CWE-79: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in Spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.
Source: nvd
CVE-2021-40968 | P4 | MEDIUM | CVSS 6.1 | PoC | ≤ 1.5.1 | 2021-10-01
CWE-79: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in Spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
Source: nvd
CVE-2021-40972 | P4 | MEDIUM | CVSS 6.1 | PoC | ≤ 1.5.1 | 2021-10-01
CWE-79: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in Spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the mail parameter.
Source: nvd
CVE-2021-40970 | P4 | MEDIUM | CVSS 6.1 | PoC | ≤ 1.5.1 | 2021-10-01
CWE-79: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in Spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Source: nvd
CVE-2021-3286 | P3 | CRITICAL | CVSS 9.8 | v1.4.9 | 2021-01-26
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
Sources: nvd, osv
CVE-2021-33966 | P4 | MEDIUM | CVSS 5.4 | v1.4.9 | 2022-01-21
CWE-79: Cross-site scripting (XSS) vulnerability in Spotweb 1.4.9 allows authenticated attackers to execute arbitrary code via a crafted GET request to the login page.
Source: nvd