Описание
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
Ссылки
- Exploit
- http://packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.htmlExploit
- Exploit
- Exploit
- Exploit
- Exploit
- http://packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.htmlExploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 7.2.00190 (включая)
Одно из
cpe:2.3:a:spiceworks:spiceworks:*:*:*:*:*:*:*:*
cpe:2.3:a:spiceworks:spiceworks:7.2.00174:*:*:*:*:*:*:*
cpe:2.3:a:spiceworks:spiceworks:7.2.00189:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02977
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
EPSS
Процентиль: 86%
0.02977
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79