Publish Date: Aug 30, 2022
SummaryWe've identified and fixed multiple issues in Cloud Help Desk and Community that could present a stored cross-site scripting (XSS) vulnerability. Areas with vulnerabilities include the Cloud Help Desk "Reports" page, Community Collections, User Profile (job experience and city/country fields).
Who’s Affected?At this time we do not believe any user was impacted by this vulnerability.
DetailsThis exploit used a type of cross-site scripting (XSS) called stored XSS. This allows an attacker to inject browser executable code through an input form and have the malicious code execute when someone else views the page. In these cases, an attacker could input malicious code to fields in the Edit Profile and Job Experience tabs on the Spiceworks Community profile, or ticket content in the Cloud Help Desk. When the...