Ubuntu.com, UB:CVE-2021-33966
Jan 21, 2022 - 12:00 a.m.

CVE-2021-33966


CVSS2: 3.5
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3: 5.4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 17.9%

A cross-site scripting (XSS) vulnerability in spotweb 1.4.9 allows
authenticated attackers to execute arbitrary code via a crafted GET request
to the login page.

OS | Version | Architecture | Package | Version | Filename
ubuntu | 18.04 | noarch | spotweb | < any | UNKNOWN
ubuntu | 20.04 | noarch | spotweb | < any | UNKNOWN
