Vulnerabilities > Spotweb Project > Spotweb > 1.4.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-28 | CVE-2021-43725 | Cross-site Scripting vulnerability in Spotweb Project Spotweb There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. | 4.3 |
| 2022-01-21 | CVE-2021-33966 | Cross-site Scripting vulnerability in Spotweb Project Spotweb 1.4.9 Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page. | 3.5 |
| 2021-10-01 | CVE-2021-40968 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40969 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40970 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40971 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40972 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. | 4.3 |
| 2021-10-01 | CVE-2021-40973 | Cross-site Scripting vulnerability in Spotweb Project Spotweb Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. | 4.3 |
| 2021-01-26 | CVE-2021-3286 | SQL Injection vulnerability in Spotweb Project Spotweb 1.4.9 SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. | 7.5 |
| 2020-12-17 | CVE-2020-35545 | SQL Injection vulnerability in Spotweb Project Spotweb 1.4.9 Time-based SQL injection exists in Spotweb 1.4.9 via the query string. | 7.5 |