Vulnerabilities > Spiceworks > Spiceworks > 7.2.00217
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-15 | CVE-2020-23451 | Cross-Site Request Forgery (CSRF) vulnerability in Spiceworks Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. | 8.8 |
| 2020-09-01 | CVE-2020-23450 | Cross-site Scripting vulnerability in Spiceworks Spiceworks Version <= 7.5.00107 is affected by XSS. | 5.4 |