Vulnerabilities > Quest > Kace Systems Management Appliance Firmware > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-03	CVE-2018-5405	Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance Firmware 9.0 The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. network low complexity quest CWE-79	5.4
2019-06-03	CVE-2018-5404	SQL Injection vulnerability in Quest Kace Systems Management Appliance Firmware 9.0 The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. network low complexity quest CWE-89	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.