Information on source package spotweb

Available versions

Release	Version
stretch	20130826+dfsg3-4
buster	20130826+dfsg3-4

Open issues

Bug	stretch	buster	Description
CVE-2021-43725	vulnerable (no DSA)	vulnerable (no DSA)	There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login. ...
CVE-2021-33966	vulnerable (no DSA, postponed)	vulnerable (no DSA)	Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...
CVE-2020-35545	vulnerable (no DSA)	vulnerable (no DSA)	Time-based SQL injection exists in Spotweb 1.4.9 via the query string. ...

Open unimportant issues

Bug	stretch	buster	Description
CVE-2021-40973	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40972	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40971	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40970	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40969	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...
CVE-2021-40968	vulnerable	vulnerable	Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...

Resolved issues

Bug	Description
CVE-2021-3286	SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands p ...