Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
References
Link | Resource |
---|---|
http://spiceworks.com | Product |
https://abuyv.com/cve/spiceworks-csrf-via-xss | Exploit Third Party Advisory |
Configurations
Information
Published : 2020-09-15 07:15
Updated : 2020-09-18 13:21
NVD link : CVE-2020-23451
Mitre link : CVE-2020-23451
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
spiceworks
- spiceworks