CVE-2021-33966

Опубликовано: 21 янв. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.

Ссылки

https://packetstormsecurity.com/files/162731/Spotweb-Develop-1.4.9-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/162731/Spotweb-Develop-1.4.9-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spotweb_project:spotweb:1.4.9:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00314

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-33966

CVSS3: 5.4

ubuntu

около 4 лет назад

Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.

CVE-2021-33966

CVSS3: 5.4

debian

около 4 лет назад

Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...

GHSA-m5pf-fxhf-9c22

github

около 4 лет назад

Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.

EPSS

Процентиль: 54%

0.00314

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79