Publish Date: Dec. 7, 2018
SummaryWe've identified and fixed a vulnerability in the Spiceworks WWW site concerning a tabnabbing vulnerability in the press article links.
Who’s Affected?At this time we do not believe anyone was impacted by this vulnerability.
DetailsA tabnabbing vulnerability was discovered in the Spiceworks Press Article Links area of the WWW site. If an attacker was able to gain control of a site that was linked to on this page, the attacker could then add malicious code that would redirect the Press Article Links tab (now in the background) to a malicious site. The attacker could phish for the victim’s Spiceworks credentials by mimicking the Spiceworks login page to make the victim think they had been signed out of the Community.
Mitigating FactorsIn order to use this vulnerability, the attacker would have to...