Vulnerabilities > Quest > Kace Systems Management Appliance > Low

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-06	CVE-2019-13080	Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser. network quest CWE-79	3.5
2019-11-06	CVE-2019-13081	Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser. network quest CWE-79	3.5
2019-06-03	CVE-2018-5405	Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance Firmware The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. network quest CWE-79	3.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.