CVE-2019-11604: XSS
First published: Fri May 24 2019(Updated: )
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest KACE Systems Management Appliance | <9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-11604?
CVE-2019-11604 is a vulnerability in Quest KACE Systems Management Appliance before 9.1 that allows unauthenticated reflected XSS.
How severe is CVE-2019-11604?
CVE-2019-11604 has a severity rating of 6.1, which is considered medium.
What software is affected by CVE-2019-11604?
Quest KACE Systems Management Appliance versions up to and including 9.1 are affected by CVE-2019-11604.
What is the Common Weakness Enumeration (CWE) for CVE-2019-11604?
CVE-2019-11604 is classified under CWE-79, which is Cross-Site Scripting (XSS).
How can I fix the vulnerability in Quest KACE Systems Management Appliance?
To fix the vulnerability, it is recommended to upgrade to a version later than 9.1 of Quest KACE Systems Management Appliance.
- collector/nvd-index
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/quest
- canonical/quest kace systems management appliance