Spiceworks: >> Spiceworks >> 7.5.7.0 Security Vulnerabilities
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
CVSS Score
6.1
EPSS Score
0.023
Published
2020-12-18
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-09-15
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-09-01