CVE-2020-35722

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-35206

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by th...

CVE-2020-35205

Server Side Request Forgery SSRF in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-35203

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...

CVE-2020-35203

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...

CVE-2020-35205

Server Side Request Forgery SSRF in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-35206

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by th...

Server side request forgery (ssrf)

Server Side Request Forgery SSRF in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

Cross site scripting

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...

Cross site scripting

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by th...

CVE-2020-35722

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-35722

The data shows a concrete CSRF vulnerability in Quest Policy Authority 8.1.2.200, affecting the Web Compliance Manager component (submitUser.jsp) and enabling remote modification/creation of user accounts. Root cause: CSRF in Web Compliance Manager. Impact: allows unauthorized user modifications ...

CVE-2020-35205

Server Side Request Forgery SSRF in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-35206

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by th...

CVE-2020-35206

CVE-2020-35206 is a Reflected XSS in Quest Policy Authority (Web Compliance Manager) version 8.1.2.200, triggered by a crafted link to cConn.jsp via the ur parameter. Multiple connected sources (Red Hat, NVD, CVE lists, PT-Security) confirm the affected product and vector; public details are limi...

CVE-2020-35203

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...

CVE-2020-35203

Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...

CVE-2020-35203

Consolidated details from connected sources confirm CVE-2020-35203 describes a Reflected XSS in Quest Policy Authority’s Web Compliance Manager (version 8.1.2.200). The vulnerability arises when an attacker crafts a link targeting initFile.jsp with a malicious msg parameter, enabling script injec...

PT-2021-11834 · Quest · Quest Policy Authority

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows remote attackers to force user modification or creation via a specially crafted link to the submitUser.jsp file. This is a result of a CSRF vulnerability in the Web...

PT-2021-11723 · Quest · Quest Policy Authority

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows attackers to perform Server Side Request Forgery SSRF in the Web Compliance Manager component, enabling them to scan internal ports and make outbound connections via the...