CVE-2020-35724

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200

Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "Error.jsp" file. This can be achieved directly via the err parameter or indirectly via the cpr, tcp, or abs parameters. It's noted that this issue only affects products that are no longer supported by the maintainer.

Recommendations: For Quest Policy Authority version 8.1.2.200, as a temporary workaround, consider restricting access to the "Error.jsp" file or disabling the use of the err, cpr, tcp, and abs parameters until a solution is available. However, since the product is no longer supported, updating to a supported version is not an option. At the moment, there is no information about a newer version that contains a fix for this issue.