Attacker Value: Unknown

CVE-2021-33966

Disclosure Date: January 21, 2022 (last updated February 23, 2025)
Cross-site scripting (XSS) vulnerability in Spotweb 1.4.9 allows authenticated attackers to execute arbitrary code via a crafted GET request to the login page.

Attacker Value: Unknown

CVE-2021-3286

Disclosure Date: January 26, 2021 (last updated February 22, 2025)
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.

Attacker Value: Unknown

CVE-2020-35545

Disclosure Date: December 17, 2020 (last updated February 22, 2025)
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.