CVE-2014-3740

🗓️ 11 Sep 2014 18:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 39 Views🌐 WEB

CVE-2014-3740 Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2014-3740	12 May 201400:00	–	circl
Cvelist	CVE-2014-3740	11 Sep 201418:00	–	cvelist
EUVD	EUVD-2014-3683	7 Oct 202500:30	–	euvd
NVD	CVE-2014-3740	11 Sep 201418:55	–	nvd
Packet Storm	SpiceWorks IT Ticketing System Cross Site Scripting	9 Jun 201400:00	–	packetstorm
Prion	Cross site scripting	11 Sep 201418:55	–	prion
securityvulns	CVE-2014-3740 - SpiceWorks Cross-site scripting	14 Jun 201400:00	–	securityvulns
securityvulns	Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)	14 Jun 201400:00	–	securityvulns

NVD

Node

spiceworks spiceworksRange≤7.2.00190

spiceworks spiceworksMatch7.2.00174

spiceworks spiceworksMatch7.2.00189

Source	Link
research	www.research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txt
securityfocus	www.securityfocus.com/archive/1/532346/100/0/threaded
secunia	www.secunia.com/advisories/58522
osvdb	www.osvdb.org/show/osvdb/106916
exploit-db	www.exploit-db.com/exploits/33330
packetstormsecurity	www.packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-Scripting.html
packetstormsecurity	www.packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.html
seclists	www.seclists.org/fulldisclosure/2014/Jun/42
research	www.research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4

Parameter	Position	Path	Description	CWE
title	request body	user_portal	Stored XSS via ticket title field in SpiceWorks portal (CVE-2014-3740)	CWE-79

06 May 2026 22:30Current

5.3Medium risk

Vulners AI Score5.3

CVSS 23.5

EPSS0.02279

CWE-79