Spiceworks Community Twitter Handle XSS Vulnerability
Publish Date: Oct. 05, 2018
Summary: We've identified and fixed a vulnerability in the Spiceworks Community Profile Contact Info Twitter field concerning an XSS (cross-site scripting) vulnerability....
Community Registered Email Exposure Vulnerability
Publish Date: Oct. 23, 2018
Summary: We've identified and fixed a vulnerability in the Spiceworks Community that could allow an attacker to determine if a Spiceworks Community account exists for a...
Community ImageMagick Vulnerabilities
Publish Date: Nov. 9, 2018
Summary: The Spiceworks Community uses ImageMagick for some image uploads. Vulnerabilities were discovered that could allow an attacker to gain access to most of the Community...
Community App Center Improper SSL Certificate Verification Vulnerability
Publish Date: Nov. 19, 2018
Summary: We've identified and fixed a vulnerability in the Spiceworks Community App Center concerning an improper SSL Certificate Verification upon logging in through certain...
Spiceworks Website Press Links Tabnabbing Vulnerability
Publish Date: Dec. 7, 2018
Summary: We've identified and fixed a vulnerability in the Spiceworks WWW site concerning a tabnabbing vulnerability in the press article links.
Who’s Affected? At this time...
Cloud Help Desk User Portal Ticket Creation Vulnerability
Publish Date: Dec. 14, 2018
Summary: We've identified and fixed a vulnerability within the Spiceworks Cloud Help Desk User Portal that would allow an attacker to spam the victim’s help desk with tickets...
Spiceworks Sub-domain TRACE Vulnerability
Publish Date: Jan. 11, 2019
Summary: We've identified and fixed a vulnerability within a Spiceworks sub-domain that, when used alongside other potential vulnerabilities, could allow an attacker to steal...
Community Country PII Vulnerability
Publish Date: Feb. 1, 2019
Summary: We've identified and fixed a vulnerability in the Spiceworks Community that would allow an attacker to determine the country of a user, even if that user had chosen...
Community Login URL Referer Reflected XSS Vulnerability
Publish Date: Feb. 21, 2019
Summary: We've identified and fixed an issue with the login URL of Spiceworks Community that could present a reflected cross-site scripting (XSS) vulnerability. This involves...
Inventory Online Device Information Vulnerability
Publish Date: Mar. 15, 2019
Summary: We've identified a vulnerability in the Spiceworks Inventory online that would allow an attacker to access a victim’s PII, agent info, secret key, related help desk...
Cloud Help Desk Ruby on Rails Update
Publish Date: Mar. 29, 2019
Summary: We've updated the Ruby on Rails version used by the Spiceworks Cloud Help Desk in order to patch a security vulnerability.
Who’s Affected? At this time, we do not...
Community Invitation URL Vulnerability
Publish Date: Apr. 19, 2019
Summary: We've identified and fixed a vulnerability in the Spiceworks Community that would allow an attacker to download a CSV file containing some user names and associated...
Cloud Help Desk Browser Cache Vulnerability
Publish Date: May 9, 2019
Summary: We've identified a vulnerability in the Spiceworks Cloud Help Desk that would allow an attacker with access to a victim’s computer to utilize the browser’s cache to...
Community Join URL Referer Reflected XSS Vulnerability
Publish Date: May 24, 2019
Summary: We've identified and fixed an issue with the join URL for the Spiceworks Community that could present a reflected cross-site scripting (XSS) vulnerability. This...
Community Profile Job Experience Stored XSS Vulnerability
Publish Date: June 14, 2019
Summary: We've identified and fixed an issue with the Job Experience tab of the Spiceworks Community profile that could present a stored cross-site scripting (XSS)...
Spiceworks Website WordPress Publisher Vulnerability
Publish Date: July 12, 2019
Summary: We've identified a vulnerability in the Spiceworks WWW site that would allow an attacker to view the names of people who have published articles through WordPress on...
Password Reset Rate Limit Vulnerability
Publish Date: July 12, 2019
Summary: We've identified a vulnerability in the Spiceworks account password reset mechanism. The “current password” field was lacking a rate limiter, allowing an attacker to...
Network Monitor Privilege Escalation Vulnerability
Publish Date: January 17, 2020
Summary: Malicious users with login access to the Network Monitor host machine can write malicious files on the system, potentially allowing the user to perform an attack...
Desktop Host Header Injection vulnerability
Publish Date: March 4, 2021
Summary: A Host Header Injection vulnerability may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to an...
Cloud Help Desk & Inventory online integration authorization vulnerability
Publish Date: Mar. 8, 2021
Summary: We've identified a bug in the Spiceworks Inventory online and Cloud Help Desk products that would allow a user of the Inventory online product to access limited...