Publish Date: Feb. 21, 2019
Summary
We've identified and fixed an issue with the login URL of Spiceworks Community that could present a reflected cross-site scripting (XSS) vulnerability. This involves the referer parameter of the URL.
Who’s Affected?
At this time we do not believe anyone was impacted by this vulnerability.
Details
This exploit used a type of cross-site scripting (XSS) called reflected XSS. This is the most common type of XSS attack found throughout the internet. A reflected XSS attack allows an attacker to inject browser-executable code through a single HTTP response. In this case, an attacker could send a login URL to the victim with the referrer parameter containing the malicious code. Upon clicking the link, the code would be executed, potentially compromising the victim.
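The flaw class described above, as an added example that is not Spiceworks' code: a login page that reflects a `referer` query parameter into its HTML unescaped, next to a hardened renderer that validates and escapes it. The form template, function names, sample inputs and the assumption that the parameter carries a same-site return path are all hypothetical.

```python
import html
from urllib.parse import urlsplit

# Hypothetical login form; the real page markup is not shown in the advisory.
FORM = ('<form method="post" action="/login">'
        '<input type="hidden" name="referer" value="{}"></form>')


def render_login_vulnerable(referer: str) -> str:
    """Reflects the parameter into the response as-is (the flaw class described)."""
    return FORM.format(referer)


def safe_return_path(referer: str, default: str = "/") -> str:
    """Allow only a same-site absolute path (assumed use of the parameter)."""
    if not referer.startswith("/") or referer.startswith("//") or "\\" in referer:
        return default
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in referer):
        return default
    parts = urlsplit(referer)
    if parts.scheme or parts.netloc:
        return default
    return referer


def render_login_hardened(referer: str) -> str:
    """Validate first, then HTML-escape for the attribute context it lands in."""
    return FORM.format(html.escape(safe_return_path(referer), quote=True))


# Constructed sample inputs for a regression check.
BENIGN = "/topic/12345?page=2"
MARKUP = '"><b>injected</b>'          # closes the attribute and adds an element
PATH_WITH_MARKUP = "/x" + MARKUP      # passes path validation, still needs escaping

if __name__ == "__main__":
    for value in (BENIGN, MARKUP, PATH_WITH_MARKUP):
        print("vulnerable:", render_login_vulnerable(value))
        print("hardened:  ", render_login_hardened(value))
```

The third input shows why output escaping is the control that closes the XSS: a value can satisfy the path check and still carry markup, so validation alone is not sufficient.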
Mitigating Factors
The victim would have to...