{"api_version":"1","generated_at":"2026-04-23T15:08:31+00:00","cve":"CVE-2019-13080","urls":{"html":"https://cve.report/CVE-2019-13080","api":"https://cve.report/api/cve/CVE-2019-13080.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-13080","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-13080"},"summary":{"title":"CVE-2019-13080","description":"Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-11-06 15:15:00","updated_at":"2019-11-07 21:16:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report","name":"https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report","refsource":"MISC","tags":["Vendor Advisory"],"title":"Quest response to Certezza vulnerability report (311388)","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.quest.com/products/kace-systems-management-appliance/","name":"https://www.quest.com/products/kace-systems-management-appliance/","refsource":"MISC","tags":["Product"],"title":"KACE Systems Management Appliance (K1000) | Endpoint Management","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-13080","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13080","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"13080","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"quest","cpe5":"kace_systems_management_appliance","cpe6":"9.1.317","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13080","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"quest","cpe5":"kace_systems_management_appliance","cpe6":"9.1.317","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-13080","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://www.quest.com/products/kace-systems-management-appliance/","refsource":"MISC","name":"https://www.quest.com/products/kace-systems-management-appliance/"},{"refsource":"MISC","name":"https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report","url":"https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report"}]}},"nvd":{"publishedDate":"2019-11-06 15:15:00","lastModifiedDate":"2019-11-07 21:16:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:quest:kace_systems_management_appliance:9.1.317:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"13080","Ordinal":"151436","Title":"CVE-2019-13080","CVE":"CVE-2019-13080","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"13080","Ordinal":"1","NoteData":"Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"13080","Ordinal":"2","NoteData":"2019-11-06","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"13080","Ordinal":"3","NoteData":"2019-11-06","Type":"Other","Title":"Modified"}]}}}