Spotweb Project: >> Spotweb >> 1.2.2 Security Vulnerabilities
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
CVSS Score
6.1
EPSS Score
0.011
Published
2022-03-28
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2021-10-01
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2021-10-01
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2021-10-01
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2021-10-01
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2021-10-01
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.
CVSS Score
6.1
EPSS Score
0.013
Published
2021-10-01