Vulnerabilities > Quest

DATE CVE VULNERABILITY TITLE RISK
2021-01-11 CVE-2020-35727 Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter.
network
quest CWE-79
3.5
2021-01-11 CVE-2020-35726 Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter.
network
quest CWE-79
4.3
2021-01-11 CVE-2020-35725 Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter.
network
quest CWE-79
4.3
2021-01-11 CVE-2020-35724 Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter).
network
quest CWE-79
3.5
2021-01-11 CVE-2020-35723 Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter.
network
quest CWE-79
3.5
2021-01-11 CVE-2020-35722 Cross-Site Request Forgery (CSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file.
network
quest CWE-352
4.3
2021-01-11 CVE-2020-35721 Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter.
network
quest CWE-79
3.5
2021-01-11 CVE-2020-35720 Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file.
network
quest CWE-79
3.5
2021-01-11 CVE-2020-35719 Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter.
network
quest CWE-79
4.3
2021-01-11 CVE-2020-35206 Cross-Site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter.
network
quest CWE-79
4.3