Vulnerabilities > Quest > Kace Systems Management Appliance > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2022-38220 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | 6.1 |
| 2019-11-06 | CVE-2019-13079 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. | 6.5 |
| 2019-11-06 | CVE-2019-13078 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. | 6.5 |
| 2019-11-06 | CVE-2019-13077 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users. | 4.3 |
| 2019-11-06 | CVE-2019-13076 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. | 6.5 |
| 2019-11-06 | CVE-2019-12917 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. | 4.3 |
| 2019-06-03 | CVE-2018-5404 | SQL Injection vulnerability in Quest Kace Systems Management Appliance Firmware The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. | 4.0 |
| 2019-05-24 | CVE-2019-11604 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An issue was discovered in Quest KACE Systems Management Appliance before 9.1. | 4.3 |