Spotweb 1.4.9 Authenticated Cross Site Scripting (XSS) Vulnerability

Spotweb 1.4.9 Authenticated Cross Site Scripting (XSS) Vulnerability

CVE-2021-33966 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.

Learn more about our Web App Pen Testing.