fkie_nvd - fkie_cve-2019-13080

fkie_cve-2019-13080

Vulnerability from fkie_nvd

Published

2019-11-06 15:15

Modified

2024-11-21 04:24

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.

References

URL	Tags
cve@mitre.org	https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report	Vendor Advisory
cve@mitre.org	https://www.quest.com/products/kace-systems-management-appliance/	Product
af854a3a-2127-422b-91ae-364da2661108	https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.quest.com/products/kace-systems-management-appliance/	Product

Impacted products

	Vendor	Product	Version
	quest	kace_systems_management_appliance	9.1.317

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quest:kace_systems_management_appliance:9.1.317:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A273F5-6353-4595-BCE9-DBCFBEFB5F9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator\u0027s browser."
    },
    {
      "lang": "es",
      "value": "Quest KACE Systems Management Appliance Server Center versi\u00f3n 9.1.317, presenta una vulnerabilidad de tipo XSS (por medio de una imagen SVG y un archivo HTML) lo que permite a un usuario autenticado ejecutar JavaScript arbitrario en el navegador de un administrador."
    }
  ],
  "id": "CVE-2019-13080",
  "lastModified": "2024-11-21T04:24:09.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-06T15:15:11.423",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.quest.com/products/kace-systems-management-appliance/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.quest.com/products/kace-systems-management-appliance/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2019-13080

Vulnerability from cvelistv5

Published

2019-11-06 14:53

Modified

2024-08-04 23:41