CVE-2020-35206

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200

Description: The issue allows attackers to inject malicious code into the browser via a specially crafted link to the "cConn.jsp" file using the ur parameter. This affects products that are no longer supported by the maintainer.

Recommendations: For Quest Policy Authority version 8.1.2.200, as a temporary workaround, consider restricting access to the "cConn.jsp" file to minimize the risk of exploitation. Avoid using the ur parameter in the affected link until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.