CVE-2018-11133 Scanner

CVE-2018-11133 Scanner - Cross-Site Scripting (XSS) vulnerability in Quest KACE System Management Appliance

Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 13 days 18 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Quest KACE System Management Appliance is a comprehensive systems management solution designed to automate IT tasks such as patching, software distribution, asset management, and reporting. It is primarily used by IT administrators and enterprises to manage a wide array of endpoints in a centralized manner. The software provides a web-based management interface that facilitates deployment and configuration of system-level tasks. Version 8.0.318 is among the builds used in mid-sized and large enterprise environments. Its reporting modules enable visualization and export of organizational IT data. These features are accessed via various web endpoints.

This scanner detects a reflected cross-site scripting (XSS) vulnerability in the `fmt` parameter of the `/common/run_cross_report.php` script. The vulnerability stems from the application's failure to sanitize or encode the user input supplied to that parameter before reflecting it. An attacker can exploit the flaw by injecting a JavaScript payload that executes in the context of a victim's browser. Because the victim must open a maliciously crafted URL, this is a reflected XSS attack.

The vulnerable endpoint accepts the `fmt` parameter via a GET request. When a crafted JavaScript payload is supplied in `fmt`, it is echoed back into the response body without output encoding. Successful exploitation results in the script executing on the client side; the scanner confirms this by checking for a probe such as `alert(document.domain)` reflected verbatim in the response. An attacker who achieves this can steal cookies or session tokens, or perform other actions on behalf of the user.
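An added illustration of the two checks a defender cares about for this finding (example code written for this page, not the scanner's or Quest's own code): flagging access-log requests to the endpoint whose `fmt` value carries markup, and classifying whether a probe value came back raw or HTML-encoded. The log lines are constructed, and the log format is assumed to be the Apache/Nginx "combined" format.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

VULN_PATH = "/common/run_cross_report.php"
VULN_PARAM = "fmt"
# Characters or tokens that never belong in a legitimate report-format name.
SUSPECT = re.compile(r"""[<>"']|javascript:|\bon\w+\s*=""", re.IGNORECASE)
# Apache/Nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic): a normal request, a plain
# probe, a double-URL-encoded probe, and a probe against an unrelated path.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/May/2018:10:01:02 +0000] "GET /common/run_cross_report.php?fmt=csv HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/May/2018:10:01:10 +0000] "GET /common/run_cross_report.php?fmt=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 734',
    '10.0.0.9 - - [12/May/2018:10:01:15 +0000] "GET /common/run_cross_report.php?fmt=%253Cb%253Ex HTTP/1.1" 200 700',
    '10.0.0.7 - - [12/May/2018:10:02:00 +0000] "GET /other.php?fmt=%3Cb%3E HTTP/1.1" 200 100',
]


def suspicious_fmt_requests(log_lines):
    """Return (request target, decoded fmt value) for requests to the
    vulnerable endpoint whose fmt value looks like markup, not a format."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue
        # parse_qs decodes once; unquote again so double-encoded probes are seen.
        for value in parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, []):
            value = unquote(value)
            if SUSPECT.search(value):
                hits.append((m.group("target"), value))
    return hits


def reflection_state(fmt_value, response_body):
    """Classify how a probe value comes back: 'raw' (echoed unencoded, the
    condition the scanner reports), 'encoded' (HTML-escaped, safe), 'absent'."""
    if fmt_value in response_body:
        return "raw"
    if html.escape(fmt_value, quote=True) in response_body:
        return "encoded"
    return "absent"
```

Only the double-decoding step makes the third sample line visible; a rule that inspects the raw query string once would miss it.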

If exploited, attackers may hijack sessions, redirect users to malicious websites, or impersonate users by abusing their session context. The impact is heightened when the target is an administrator or other privileged user, whose session grants wider access to system configuration. Because the payload travels in a link, a campaign that distributes crafted links through email or internal dashboards could compromise multiple users. Although exploitation requires user interaction, the risk remains significant in high-trust environments.
