There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
Loading...
Loading...
Score 6.1 from GitHub Security Advisory published 2022-03-29. NVD baseline CVSS 6.1; sources differ by 0.0.
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
March 28, 2022
November 21, 2024
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Working exploit code is in the public domain. Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
Open source ↗See which npm, PyPI, Go, and Maven packages are affected by CVE-2021-43725
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.