CVE-2020-35719
Description
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the "added" parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code via a crafted link to /WebCM/Applications/Search/index.jsp.
Vulnerability
A reflected cross-site scripting (XSS) vulnerability exists in Quest Policy Authority for Unified Communications version 8.1.2.200. The flaw resides in the /WebCM/Applications/Search/index.jsp file, where the value of the "added" request parameter is reflected in the response without proper sanitization or encoding. This allows an attacker to inject arbitrary HTML or JavaScript code that executes in the victim's browser. The product has reached end-of-life and is no longer supported by the vendor [1].
Exploitation
An attacker must craft a malicious link containing a JavaScript payload in the "added" parameter and trick a user into clicking it. No authentication is required. For example, a link such as https://target/WebCM/Applications/Search/index.jsp?added= would cause the injected script to execute in the context of the application domain when visited [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript within the security context of the vulnerable application. This can lead to session hijacking, credential theft, defacement, or redirection to malicious sites. The attack is performed in the context of the victim's session, potentially exposing sensitive data or enabling further attacks [1].
Mitigation
Quest has confirmed that the product has reached end-of-life and has been unsupported for over seven years at the time of disclosure. No patches will be issued [1]. The only mitigation is to upgrade to a supported product or restrict access to the vulnerable application as per organizational risk assessment.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
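Because no patch will be issued, monitoring requests to the affected page is one compensating control alongside access restriction. The following is an added example, not part of the CVE record or any Quest tooling: it scans web access logs for requests to the affected path whose "added" parameter decodes to HTML metacharacters. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter name are taken from the CVE description.
VULN_PATH = "/webcm/applications/search/index.jsp"
PARAM = "added"
# Characters that let a reflected value break out of HTML text or an attribute.
# Deliberately broad: expect some false positives (e.g. names with apostrophes).
MARKUP = re.compile(r"[<>\"'`]")
# Assumption: front-end proxy or server writes Apache/NGINX combined-format logs.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for requests with markup in 'added'."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        # Decode the path and drop any ';jsessionid=...' suffix before comparing.
        path = unquote(parts.path).split(";", 1)[0].lower()
        if path != VULN_PATH:
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        for name, values in query.items():
            if name.lower() != PARAM:
                continue
            for raw in values:
                decoded = fully_decode(raw)
                if MARKUP.search(decoded):
                    hits.append((client, decoded))
    return hits

# Constructed sample lines (documentation IP ranges, harmless formatting tags).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2021:10:00:00 +0000] "GET /WebCM/Applications/Search/index.jsp?added=policy1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Jan/2021:10:01:00 +0000] "GET /WebCM/Applications/Search/index.jsp?added=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '198.51.100.7 - - [10/Jan/2021:10:02:00 +0000] "GET /WebCM/Applications/Search/index.jsp?q=1&added=%253Ci%253E HTTP/1.1" 200 530',
    '198.51.100.7 - - [10/Jan/2021:10:03:00 +0000] "GET /WebCM/Other/index.jsp?added=%3Cb%3E HTTP/1.1" 404 120',
]
```

The same match condition can be turned into a blocking rule on a reverse proxy placed in front of the application when taking it offline is not an option.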
Affected products
- Quest/Policy Authority
- Range: = 8.1.2.200
Patches
No patches discovered yet.
References