Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-11	CVE-2020-35721	Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. network low complexity quest CWE-79	5.4
2021-01-11	CVE-2020-35720	Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. network low complexity quest CWE-79	5.4
2021-01-11	CVE-2020-35719	Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. network low complexity quest CWE-79	6.1
2021-01-11	CVE-2020-35206	Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. network low complexity quest CWE-79	6.1
2021-01-11	CVE-2020-35204	Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. network low complexity quest CWE-79	6.1
2021-01-11	CVE-2020-35203	Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. network low complexity quest CWE-79	6.1
2019-11-06	CVE-2019-13079	SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. network low complexity quest CWE-89	6.5
2019-11-06	CVE-2019-13078	SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. network low complexity quest CWE-89	6.5
2019-11-06	CVE-2019-13077	Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users. network quest CWE-79	4.3
2019-11-06	CVE-2019-13076	SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. network low complexity quest CWE-89	6.5