CVE-2020-35721: XSS
First published: Mon Jan 11 2021(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest Policy Authority For Unified Communications | =8.1.2.200 | |
| =8.1.2.200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2020-35721.
What is the severity rating of CVE-2020-35721?
The severity rating of CVE-2020-35721 is medium with a score of 5.4.
What is the affected software version?
The affected software version is Quest Policy Authority 8.1.2.200.
How can remote attackers exploit this vulnerability?
Remote attackers can exploit this vulnerability by injecting malicious code into the browser via a specially crafted link to the BrowseAssets.do file using the title parameter.
Are there any known fixes for this vulnerability?
There are no known fixes for this vulnerability as the product is no longer supported.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/quest
- canonical/quest policy authority for unified communications
- version/quest policy authority for unified communications/8.1.2.200