Lucene search

MitreCVELIST:CVE-2014-3740

HistorySep 11, 2014 - 6:00 p.m.

CVE-2014-3740

2014-09-1118:00:00

mitre

www.cve.org

AI Score

5.2

Confidence

High

EPSS

0.005

Percentile

75.6%

JSON

Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.

References

osvdb.org/show/osvdb/106916

packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-Scripting.html

packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.html

research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txt

research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4

seclists.org/fulldisclosure/2014/Jun/42

secunia.com/advisories/58522

www.exploit-db.com/exploits/33330

www.securityfocus.com/archive/1/532346/100/0/threaded