Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23451 Reference (s):
- http://spiceworks.com
- https://abuyv.com/cve/spiceworks-csrf-via-xss