Unrated severityNVD Advisory· Published Sep 11, 2014· Updated May 6, 2026

CVE-2014-3740

Description

Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.

Affected products

Spiceworks/Spiceworks3 versions
cpe:2.3:a:spiceworks:spiceworks:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:spiceworks:spiceworks:*:*:*:*:*:*:*:*range: <=7.2.00190
- cpe:2.3:a:spiceworks:spiceworks:7.2.00174:*:*:*:*:*:*:*
- cpe:2.3:a:spiceworks:spiceworks:7.2.00189:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/126596/SpiceWorks-7.2.00174-Cross-Site-Scripting.htmlnvdExploit
packetstormsecurity.com/files/126994/SpiceWorks-IT-Ticketing-System-Cross-Site-Scripting.htmlnvdExploit
research.openflare.org/advisories/OF-2014-07/spiceworks_xss.txtnvdExploit
seclists.org/fulldisclosure/2014/Jun/42nvdExploit
www.exploit-db.com/exploits/33330nvdExploit
osvdb.org/show/osvdb/106916nvd
research.openflare.org/poc/OF-2014-07/spiceworks_crafted_ticket.mp4nvd
secunia.com/advisories/58522nvd
www.securityfocus.com/archive/1/532346/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000