Quest KACE Systems Management Appliance versions 9.0 and below suffer from a cross site scripting vulnerability.