Vulnerabilities > Quest > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-21 | CVE-2023-33254 | Incorrect Authorization vulnerability in Quest Kace Systems Deployment Appliance 9.0.146 There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. | 6.5 |
| 2023-03-01 | CVE-2022-38220 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | 6.1 |
| 2021-12-22 | CVE-2021-44028 | XXE vulnerability in Quest Kace Desktop Authority XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. | 4.3 |
| 2021-12-22 | CVE-2021-44030 | Cross-site Scripting vulnerability in Quest Kace Desktop Authority Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. | 4.3 |
| 2021-01-11 | CVE-2020-35727 | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. | 5.4 |
| 2021-01-11 | CVE-2020-35726 | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. | 6.1 |
| 2021-01-11 | CVE-2020-35725 | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. | 6.1 |
| 2021-01-11 | CVE-2020-35724 | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). | 5.4 |
| 2021-01-11 | CVE-2020-35723 | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. | 5.4 |
| 2021-01-11 | CVE-2020-35722 | Cross-Site Request Forgery (CSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. | 6.5 |