Publish Date: June 14, 2019
SummaryWe've identified and fixed an issue with the Job Experience tab of the Spiceworks Community profile that could present a stored cross-site scripting (XSS) vulnerability.
Who’s Affected?At this time we do not believe any user was impacted by this vulnerability.
DetailsThis exploit used a type of cross-site scripting (XSS) called stored XSS. This allows an attacker to inject browser executable code through an input form and have the malicious code execute when someone else views the page. In this case, an attacker could input malicious code to the Company Name field in the Job Experience tab on the Spiceworks Community profile. When the attacker’s profile is then viewed by a victim, the malicious code will execute, potentially compromising the victim’s system.
Mitigating FactorsThe attacker would...