XSS Vulnerability in Quest KACE Systems Management Appliance
CVE-2019-13077

6.1 MEDIUM

Key Information:

Vendor: Quest
CVE Published: 6 November 2019

What is CVE-2019-13077?

The Quest KACE Systems Management Appliance Server Center 9.1.317 is susceptible to a Cross-Site Scripting (XSS) vulnerability, triggered via the 'sam_detail_titled.php' SAM_TYPE parameter. This security flaw allows attackers to craft a malicious link that, when clicked by an authenticated user, executes arbitrary scripts in their web browser. As a result, sensitive information may be exposed, and unauthorized actions could be performed on behalf of the user. Mitigating this vulnerability is crucial to safeguarding user data and maintaining the overall security of the affected systems.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
