VYPR
Unrated severity · NVD Advisory · Published Jan 11, 2021 · Updated Aug 4, 2024

CVE-2020-35726

Description

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Quest Policy Authority 8.1.2.200 is affected by a reflected XSS in /WebCM/Applications/Reports/index.jsp via the 'by' parameter, but this end-of-life product will not be patched.

Vulnerability

A reflected cross-site scripting (XSS) vulnerability exists in Quest Policy Authority for Unified Communications version 8.1.2.200. The issue is located in the /WebCM/Applications/Reports/index.jsp file, where the by parameter is reflected in the HTTP response without proper sanitization or encoding. This vulnerability affects only the unsupported version 8.1.2.200, as the product has been end-of-life for over seven years [1].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by crafting a malicious link containing a JavaScript payload in the by parameter and tricking a victim into clicking it. No authentication or special privileges are required. For example, a link such as /WebCM/Applications/Reports/index.jsp?by= would execute the attacker's script in the victim's browser session [1].

Impact

Successful exploitation leads to arbitrary JavaScript execution in the victim's browser, which can result in session hijacking, information disclosure (including cookies), and further malicious actions within the context of the vulnerable application. The attacker gains the ability to perform actions as the victim user, potentially accessing sensitive data or performing unauthorized operations [1].

Mitigation

Quest confirmed that Policy Authority for Unified Communications version 8.1.2.200 has reached end-of-life and is no longer supported (status as of January 2021). No patches will be issued, and users are advised to migrate to an alternative product or implement a web application firewall (WAF) to block malicious requests to the vulnerable endpoint [1].
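Since no patch will ship, detection on the web tier is what remains. The following is an added example (not from the advisory and not Quest code) of a log-side check over access logs that scopes to the vulnerable endpoint and the by parameter described above; the log lines are constructed and the markup heuristic is an assumption, not a vendor or WAF rule.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoint and parameter named in the advisory.
VULN_PATH = "/WebCM/Applications/Reports/index.jsp"
VULN_PARAM = "by"

# Heuristic (assumption): a report sort/filter value should never contain
# tags, inline event handlers or script URLs. Matched after URL-decoding.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)

# Common Log Format: client ident user [timestamp] "METHOD target PROTO" status bytes
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def suspicious_by_values(log_lines):
    """Return (client, timestamp, decoded_by) for requests to the vulnerable
    endpoint whose 'by' parameter carries HTML/JS markup."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue                      # not a CLF line; skip
        client, ts, method, target, status = m.groups()
        parts = urlsplit(target)
        if parts.path != VULN_PATH:
            continue                      # only the reflecting JSP matters here
        for raw in parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, []):
            decoded = unquote_plus(raw)   # second pass catches double-encoding
            if MARKUP.search(decoded):
                hits.append((client, ts, decoded))
    return hits

# Constructed sample log: one benign request, one plain and one double-encoded
# markup injection, and one markup value on an unrelated path (must not fire).
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Jan/2021:10:01:02 +0000] "GET /WebCM/Applications/Reports/index.jsp?by=date HTTP/1.1" 200 5120',
    '203.0.113.5 - - [11/Jan/2021:10:01:09 +0000] "GET /WebCM/Applications/Reports/index.jsp?by=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5210',
    '203.0.113.5 - - [11/Jan/2021:10:01:15 +0000] "GET /WebCM/Applications/Reports/index.jsp?by=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5230',
    '192.0.2.9 - - [11/Jan/2021:10:02:00 +0000] "GET /WebCM/other.jsp?by=%3Cb%3Ex HTTP/1.1" 404 310',
]

if __name__ == "__main__":
    for client, ts, value in suspicious_by_values(SAMPLE_LOG):
        print(f"{ts} {client} by={value!r}")
```

The same path-and-parameter scoping is what a WAF rule for this endpoint should use; a blanket filter on the whole site would generate noise without adding coverage.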

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
