Information on source package spotweb

Available versions

Release	Version
stretch	20130826+dfsg3-4
buster	20130826+dfsg3-4

Open issues

Bug	stretch	buster	Description
CVE-2020-35545	vulnerable (no DSA)	vulnerable (no DSA)	Time-based SQL injection exists in Spotweb 1.4.9 via the query string. ...

Open unimportant issues

Bug	stretch	buster	Description
CVE-2021-40973	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40972	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40971	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40970	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40969	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40968	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...

Resolved issues

Bug	Description
CVE-2021-3286	SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands p ...