Publish Date: Oct. 05, 2018
SummaryWe've identified and fixed a vulnerability in the Spiceworks Community Profile Contact Info Twitter field concerning an XSS (cross-site scripting) vulnerability.
Who’s Affected?At this time we do not believe anyone was impacted by this vulnerability.
DetailsAn XSS vulnerability was discovered within the Spiceworks Community Profile Contact Info that could allow an attacker who had access to the victim’s Spiceworks Community account to edit the Contact Info and input a malicious script to the Twitter name field. Once the profile has been saved, the malicious script would execute if the victim went to edit their profile again. Due to the nature of this vulnerability, only a single user could be targeted.
Mitigating FactorsTo exploit this vulnerability, the attacker would have to gain access to the...