CVE-2020-35720

Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields first name, last name, and logon name when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the...

CVE-2020-35720

Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields first name, last name, and logon name when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the...

CVE-2020-35722

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

Cross site scripting

Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields first name, last name, and logon name when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the...

Cross site request forgery (csrf)

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-35722

CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-35722

The data shows a concrete CSRF vulnerability in Quest Policy Authority 8.1.2.200, affecting the Web Compliance Manager component (submitUser.jsp) and enabling remote modification/creation of user accounts. Root cause: CSRF in Web Compliance Manager. Impact: allows unauthorized user modifications ...

CVE-2020-35720

CVE-2020-35720 affects Quest Policy Authority 8.1.2.200. A stored XSS vulnerability exists in multiple user-creation/modification fields (first name, last name, logon name) via submitUser.jsp. Exploitation details are not provided beyond this description. The vulnerability impacts products no lon...

Quest Policy Authority Cross-Site Scripting Vulnerability

Quest Software Policy Authority For Unified Communications is a software from Quest Software, Inc. that is used in enterprise environments to consolidate communication data text and instant messaging, videoconferencing, email and voicemail between various media. A cross-site scripting vulnerabili...