CVE-2022-38220: XSS
First published: Tue Feb 28 2023(Updated: )
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest KACE Systems Management Appliance | <=12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-38220?
CVE-2022-38220 is an XSS vulnerability in Quest KACE Systems Management Appliance (SMA) through version 12.1 that allows remote injection of arbitrary web script or HTML.
How severe is CVE-2022-38220?
CVE-2022-38220 has a severity score of 6.1, which is considered medium.
How can the XSS vulnerability be exploited?
An attacker can exploit the XSS vulnerability in Quest KACE Systems Management Appliance (SMA) through version 12.1 by injecting arbitrary web script or HTML remotely.
What is the affected version of Quest KACE Systems Management Appliance (SMA)?
The vulnerability affects all versions of Quest KACE Systems Management Appliance (SMA) up to and including version 12.1.
Is there a fix available for CVE-2022-38220?
Yes, Quest has released a fix for CVE-2022-38220. It is recommended to upgrade to the latest version of Quest KACE Systems Management Appliance (SMA) to mitigate the vulnerability.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/quest
- canonical/quest kace systems management appliance
- version/quest kace systems management appliance/12.1