Spotweb Project Spotweb — known CVE vulnerabilities
Every CVE whose affected-product data names Spotweb Project Spotweb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2021-3286 — CVSS 9.8 (critical): SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload…
CVE-2021-40969 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to…
CVE-2021-40970 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to…
CVE-2021-40971 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to…
CVE-2021-40972 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to…
CVE-2021-40973 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to…
CVE-2021-43725 — CVSS 6.1 (medium): There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to…
CVE-2021-40968 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to…
CVE-2021-33966 — CVSS 5.4 (medium): Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request…