Publish Date: May 24, 2019
SummaryWe've identified and fixed an issue with the join URL for the Spiceworks Community that could present a reflected cross-site scripting (XSS) vulnerability. This involves the referer parameter of the URL.
Who’s Affected?At this time we do not believe anyone was impacted by this vulnerability.
DetailsThis exploit used a type of cross-site scripting (XSS) called reflected XSS. This is the most common type of XSS attack found throughout the internet. A reflected XSS attack allows an attacker to inject browser executable code through a single HTTP response. In this case, an attacker could send an invitation to join the Spiceworks Community to the victim with the hidden referrer parameter containing the malicious code. Upon clicking the link, the code would be executed, potentially compromising the...