Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2021-40968

Disclosure Date: October 01, 2021 (last updated February 23, 2025)
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0