CVE-2022-38220

Name of the Vulnerable Software and Affected Versions Quest KACE Systems Management Appliance (SMA) versions prior to 12.1

Description A cross-site scripting (XSS) issue exists, potentially allowing remote injection of arbitrary web script or HTML. This could be exploited through API endpoints, although specific endpoints are not mentioned. The issue may allow attackers to inject malicious scripts, potentially leading to unauthorized access or control of the affected system.

Recommendations For versions prior to 12.1, update to version 12.1 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.