Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Allows Remote Code Injection via BrowseAssets.do Title Parameter

Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Allows Remote Code Injection via BrowseAssets.do Title Parameter

CVE-2020-35721 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Learn more about our Web Application Penetration Testing UK.