Cross-Site Scripting Vulnerability in Quest KACE Desktop Authority
CVE-2021-44030

6.1MEDIUM

Key Information:

Vendor

Quest

Vendor
CVE Published:
22 December 2021

What is CVE-2021-44030?

The vulnerability in Quest KACE Desktop Authority allows for cross-site scripting (XSS) attacks due to insufficient filtering of untrusted HTML content before it reaches the jQuery.htmlPrefilter method. This could potentially enable attackers to inject malicious scripts, compromising the security of the affected systems. Users are encouraged to upgrade to version 11.2 or later to mitigate this issue effectively.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-44030 : Cross-Site Scripting Vulnerability in Quest KACE Desktop Authority