Vulnerability Description
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
CVSS Score
3.5
LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spiceworks | Spiceworks | <= 7.2.00190 |
Related Weaknesses (CWE)
References
- http://osvdb.org/show/osvdb/106916
- http://packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-ScriExploit
- http://packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-CrossExploit
- http://research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txtExploit
- http://research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4
- http://seclists.org/fulldisclosure/2014/Jun/42Exploit
- http://secunia.com/advisories/58522
- http://www.exploit-db.com/exploits/33330Exploit
- http://www.securityfocus.com/archive/1/532346/100/0/threaded
- http://osvdb.org/show/osvdb/106916
- http://packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-ScriExploit
- http://packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-CrossExploit
- http://research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txtExploit
- http://research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4
- http://seclists.org/fulldisclosure/2014/Jun/42Exploit
FAQ
What is CVE-2014-3740?
CVE-2014-3740 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal...
How severe is CVE-2014-3740?
CVE-2014-3740 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3740?
Check the references section above for vendor advisories and patch information. Affected products include: Spiceworks Spiceworks.