Spiceworks - Spiceworks CVE

Filtered by vendor Spiceworks Subscribe

Filtered by product Spiceworks

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-25901	1 Spiceworks	1 Spiceworks	2021-10-18	5.8 MEDIUM	6.1 MEDIUM
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
CVE-2020-23450	1 Spiceworks	1 Spiceworks	2020-09-08	3.5 LOW	5.4 MEDIUM
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization.

Vulnerabilities (CVE)