CVE-2020-35204

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200

Description: The issue allows attackers to inject malicious code into the browser via a specially crafted link to the "PolicyAuthority/Common/FolderControl.jsp" file using the unqID parameter. This affects products that are no longer supported by the maintainer.

Recommendations: For Quest Policy Authority version 8.1.2.200, as a temporary workaround, consider restricting access to the "PolicyAuthority/Common/FolderControl.jsp" file until a solution is available. Avoid using the unqID parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.