EUVD-2014-3683

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

XSS vulnerability in SpiceWorks before version 7.2.00195 allows script injection via ticket requests

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2014-3740	12 May 201400:00	–	circl
CVE	CVE-2014-3740	11 Sep 201418:00	–	cve
Cvelist	CVE-2014-3740	11 Sep 201418:00	–	cvelist
NVD	CVE-2014-3740	11 Sep 201418:55	–	nvd
Packet Storm	SpiceWorks IT Ticketing System Cross Site Scripting	9 Jun 201400:00	–	packetstorm
Prion	Cross site scripting	11 Sep 201418:55	–	prion
securityvulns	CVE-2014-3740 - SpiceWorks Cross-site scripting	14 Jun 201400:00	–	securityvulns
securityvulns	Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)	14 Jun 201400:00	–	securityvulns

[
  {
    "enisaIdVendor": [
      {
        "id": "61d206bb-7a5f-3c31-a4d3-17b0e8693a7c",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "54e50b04-54db-32d9-a570-357238744bd1",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/cve/CVE-2014-3740
securityfocus	www.securityfocus.com/archive/1/532346/100/0/threaded
osvdb	www.osvdb.org/show/osvdb/106916
seclists	www.seclists.org/fulldisclosure/2014/Jun/42
packetstormsecurity	www.packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.html
exploit-db	www.exploit-db.com/exploits/33330
research	www.research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txt
secunia	www.secunia.com/advisories/58522
research	www.research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4
packetstormsecurity	www.packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-Scripting.html

07 Oct 2025 00:30Current

6.4Medium risk

Vulners AI Score6.4

CVSS 23.5

EPSS0.02279