CVE-2021-43725

Опубликовано: 28 мар. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.

Ссылки

https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1
Patch
Third Party Advisory
https://github.com/spotweb/spotweb/issues/718
Exploit
Issue Tracking
Third Party Advisory
https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1
Patch
Third Party Advisory
https://github.com/spotweb/spotweb/issues/718
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spotweb_project:spotweb:*:*:*:*:*:*:*:*

Версия до 1.5.1 (включая)

EPSS

Процентиль: 77%

0.01081

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-43725

CVSS3: 6.1

ubuntu

почти 4 года назад

CVE-2021-43725

CVSS3: 6.1

debian

почти 4 года назад

There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login. ...

GHSA-h24p-w6x4-wgf8

CVSS3: 6.1

github

почти 4 года назад

EPSS

Процентиль: 77%

0.01081

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79