Kace Systems Management Appliance
CVE-2019-13080
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.
AnalysisAI
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser. Affected products include: Quest Kace Systems Management Appliance.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. Rated medium severity (CVSS 6.1), this vu
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.1
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. Rated
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow fo
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. Rated critical sev
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linkin
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveragi
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SA
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the user
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today