3 matches found
CVE-2014-3740
CVE-2014-3740 is a stored XSS vulnerability in SpiceWorks IT ticketing system prior to version 7.2.00195. The issue allows remote authenticated users to inject arbitrary script or HTML via the Summary field when submitting a ticket, with exploitation potentially affecting admin sessions when view...
CVE-2014-3740
Cross-site scripting XSS vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page...
SpiceWorks IT Ticketing System Cross Site Scripting
Exploit Title: Multiple Stored XSS vulnerabilities in SpiceWorks Ticketing system CVE: CVE-2014-3740 Vendor: SpiceWorks Product: SpiceWorks IT ticketing system Affected versions: any version below 7.2.00195 Fixed version: 7.2.00195 1. About the application: ======================= SpiceWorks is a...