Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quest vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2022-31555
The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Nurse Quest Project Nurse Quest
4.3
CVSSv2
CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority prior to 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
Quest Kace Desktop Authority
7.5
CVSSv2
CVE-2021-44029
An issue exists in Quest KACE Desktop Authority prior to 11.2. This vulnerability allows malicious users to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption k...
Quest Kace Desktop Authority
4.3
CVSSv2
CVE-2021-44030
Quest KACE Desktop Authority prior to 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.
Quest Kace Desktop Authority
7.5
CVSSv2
CVE-2021-44031
An issue exists in Quest KACE Desktop Authority prior to 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID...
Quest Kace Desktop Authority
4.3
CVSSv2
CVE-2020-35204
Reflected XSS in Quest Policy Authority version 8.1.2.200 allows malicious users to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products tha...
Quest Policy Authority For Unified Communications 8.1.2.200
7.5
CVSSv2
CVE-2020-35205
Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows malicious users to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer suppor...
Quest Policy Authority For Unified Communications 8.1.2.200
4.3
CVSSv2
CVE-2020-35206
Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows malicious users to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no...
Quest Policy Authority For Unified Communications 8.1.2.200
4.3
CVSSv2
CVE-2020-35719
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote malicious users to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are...
Quest Policy Authority For Unified Communications 8.1.2.200
3.5
CVSSv2
CVE-2020-35720
Stored XSS in Quest Policy Authority 8.1.2.200 allows remote malicious users to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are n...
Quest Policy Authority For Unified Communications 8.1.2.200
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »