Design/Logic Flaw

2019-11-0615:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user’s browser.

CPENameOperatorVersion
kace_systems_management_applianceeq9.1.317

CPE	Name	Operator	Version
	kace_systems_management_appliance	eq	9.1.317

References

support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report

www.quest.com/products/kace-systems-management-appliance/