Vulnerabilities > Spotweb Project > Spotweb > 1.3.7

DATE CVE VULNERABILITY TITLE RISK
2022-03-28 CVE-2021-43725 Cross-site Scripting vulnerability in Spotweb Project Spotweb
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
network
low complexity
spotweb-project CWE-79
6.1
6.1
2021-10-01 CVE-2021-40968 Cross-site Scripting vulnerability in Spotweb Project Spotweb
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
network
low complexity
spotweb-project CWE-79
6.1
6.1
2021-10-01 CVE-2021-40969 Cross-site Scripting vulnerability in Spotweb Project Spotweb
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.
network
low complexity
spotweb-project CWE-79
6.1
6.1
2021-10-01 CVE-2021-40970 Cross-site Scripting vulnerability in Spotweb Project Spotweb
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.
network
low complexity
spotweb-project CWE-79
6.1
6.1
2021-10-01 CVE-2021-40971 Cross-site Scripting vulnerability in Spotweb Project Spotweb
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.
network
low complexity
spotweb-project CWE-79
6.1
6.1
2021-10-01 CVE-2021-40972 Cross-site Scripting vulnerability in Spotweb Project Spotweb
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.
network
low complexity
spotweb-project CWE-79
6.1
6.1
2021-10-01 CVE-2021-40973 Cross-site Scripting vulnerability in Spotweb Project Spotweb
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.
network
low complexity
spotweb-project CWE-79
6.1
6.1