CVE-2019-13080

{"id": "CVE-2019-13080", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2019-11-06T15:15:11.423", "references": [{"url": "https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.quest.com/products/kace-systems-management-appliance/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser."}, {"lang": "es", "value": "Quest KACE Systems Management Appliance Server Center versi\u00f3n 9.1.317, presenta una vulnerabilidad de tipo XSS (por medio de una imagen SVG y un archivo HTML) lo que permite a un usuario autenticado ejecutar JavaScript arbitrario en el navegador de un administrador."}], "lastModified": "2019-11-07T21:16:00.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quest:kace_systems_management_appliance:9.1.317:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58A273F5-6353-4595-BCE9-DBCFBEFB5F9F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}