CVE-2021-33966

Name of the Vulnerable Software and Affected Versions spotweb version 1.4.9

Description The issue allows authenticated attackers to execute arbitrary code via a crafted GET request to the "login page" API endpoint. This is a cross-site scripting (XSS) issue, which means attackers can inject malicious scripts into the website, potentially affecting other users.

Recommendations For spotweb version 1.4.9, consider disabling access to the login page until a patch is available. Restrict the use of crafted GET requests to the login page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.