CVE-2019-11604
Summary
| CVE | CVE-2019-11604 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-05-24 17:29:00 UTC |
| Updated | 2019-05-29 23:54:00 UTC |
| Description | An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Quest | Kace Systems Management Appliance | All | All | All | All |
| Application | Quest | Kace Systems Management Appliance | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Quest KACE Systems Management Appliance 9.0 Cross Site Scripting ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| RCE Security | MISC | www.rcesecurity.com | Third Party Advisory |
| Full Disclosure: [CVE-2019-11604] Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting | FULLDISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.