3 matches found
CVE-2012-6658
Multiple cross-site scripting XSS vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the 1 syslocation, 2 syscontact, or 3 sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different...
Sql injection
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to apiv2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS...
CVE-2012-6658
CVE-2012-6658 affects SpiceWorks 5.3.75941 and describes multiple XSS vulnerabilities that allow an attacker to inject arbitrary web script or HTML via the syslocation, syscontact, or sysName settings in snmpd.conf. The root cause is improper handling of user-supplied values in these configuratio...