Vulnerabilities > Quest
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-11 | CVE-2020-35204 | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. | 6.1 |
| 2021-01-11 | CVE-2020-35203 | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. | 6.1 |
| 2020-03-23 | CVE-2020-8868 | Use of Hard-coded Credentials vulnerability in Quest Foglight Evolve 9.0.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. | 9.8 |
| 2020-03-09 | CVE-2019-20504 | OS Command Injection vulnerability in Quest Kace Systems Management service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. | 9.8 |
| 2019-11-06 | CVE-2019-13081 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser. | 5.4 |
| 2019-11-06 | CVE-2019-13080 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser. | 5.4 |
| 2019-11-06 | CVE-2019-13079 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. | 8.8 |
| 2019-11-06 | CVE-2019-13078 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. | 8.8 |
| 2019-11-06 | CVE-2019-13077 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users. | 6.1 |
| 2019-11-06 | CVE-2019-13076 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. | 8.8 |