Vulnerabilities > Quest > Kace System Management Appliance > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-31 | CVE-2018-11137 | Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318 The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. | 4.0 |
| 2018-05-31 | CVE-2018-11133 | Cross-site Scripting vulnerability in Quest Kace System Management Appliance 8.0.318 The 'fmt' parameter of the '/common/run_cross_report.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. | 4.3 |