QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11604

Published: May 24, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.rcesecurity.com/

x_refsource_MISC

http://packetstormsecurity.com/files/153053/Quest-KACE-Systems-Management-Appliance-9.0-Cross-Site-Scripting.html

x_refsource_MISC

20190524 [CVE-2019-11604] Quest KACE Systems Management Appliance <= 9.0 kbot_service_notsoap.php METHOD Reflected Cross-Site Scripting

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.