Your submission was sent successfully! Close

CVE-2021-40971

Published: 1 October 2021

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.

Priority

Negligible

CVSS 3 base score: 6.1

Status

Package Release Status
spotweb
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(out of standard support)