CVE-2020-35724
Summary
| CVE | CVE-2020-35724 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-11 03:15:00 UTC |
| Updated | 2023-11-07 03:22:00 UTC |
| Description | ** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Quest | Policy Authority For Unified Communications | 8.1.2.200 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Advisory: Multiple Vulnerabilities in Quest Policy Authority for Unified Communications — Un4gi | MISC | un4gi.io | Exploit, Third Party Advisory |
| Advisory: Quest Policy Authority for Unified Communications - Multiple Vulnerabilities — Clandestine Labs | MISC | clandestinelabs.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.