Lucene search

[email protected]NVD:CVE-2022-38220

HistoryMar 01, 2023 - 12:15 a.m.

CVE-2022-38220

2023-03-0100:15:10

CWE-79

[email protected]

web.nvd.nist.gov

xss

vulnerability

remote injection

web script

html

quest kace sma

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

37.7%

JSON

An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.

Affected configurations

Nvd

Node

questkace_systems_management_applianceRange≤12.1

VendorProductVersionCPE
questkace_systems_management_appliance*cpe:2.3:a:quest:kace_systems_management_appliance:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
quest	kace_systems_management_appliance	*	cpe:2.3:a:quest:kace_systems_management_appliance::::::::

References

support.quest.com/kb/339613

support.quest.com/kb/4368602/quest-response-to-kace-sma-vulnerability-cve-2022-38220

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

37.7%

JSON

Related for NVD:CVE-2022-38220

cvelist1 prion1 cve1