CVE-2020-35726

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200

Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "/WebCM/Applications/Reports/index.jsp" file via the by parameter. This affects products that are no longer supported by the maintainer.

Recommendations: For Quest Policy Authority version 8.1.2.200, as a temporary workaround, consider restricting access to the "/WebCM/Applications/Reports/index.jsp" file until a solution is available. Avoid using the by parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.