Vulnerabilities > Spotweb Project > Spotweb > 1.4.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-28 | CVE-2021-43725 | Cross-site Scripting vulnerability in Spotweb Project Spotweb There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40968 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40969 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40970 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40971 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40972 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40973 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. | 4.3 |