CVE-2020-35727
Description
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in Quest Policy Authority 8.1.2.200 allows injection of malicious scripts via a crafted link to BrowseDirs.do that uses the title parameter. The product is end-of-life.
Vulnerability
A reflected Cross-Site Scripting (XSS) vulnerability in Quest Policy Authority 8.1.2.200 exists in the BrowseDirs.do file through the title parameter. An attacker can inject arbitrary JavaScript code via a specially crafted link. No authentication is required to exploit this vulnerability. [1]
Exploitation
An attacker constructs a malicious URL containing a crafted title parameter with a JavaScript payload. When a victim clicks the link, the application reflects the parameter into its response and the browser executes the injected script in the context of the application, with no user interaction beyond clicking the link. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser, potentially leading to theft of session cookies, defacement, or actions on behalf of the authenticated user. The attacker gains the same access as the victim within the application. [1]
Mitigation
Quest Policy Authority 8.1.2.200 is end-of-life and no longer supported by the vendor. No security patch is available or planned. The only mitigation is to upgrade or replace the product with a supported alternative. [1]
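One way to look for attempts against an instance that is still running, as an added example that is not part of the original advisory or the vendor's code: it scans web access logs for BrowseDirs.do requests whose title parameter decodes to HTML markup characters. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of HTML text or an attribute.
# A legitimate title containing a quote will also match; triage hits by hand.
MARKUP_RE = re.compile(r'[<>"\'`]')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_title(log_line):
    """Return the decoded title value when the line is a BrowseDirs.do request
    whose title parameter carries markup characters, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    parts = urlsplit(match.group("target"))
    if not parts.path.lower().endswith("/browsedirs.do"):
        return None
    # parse_qs decodes once; fully_decode handles any further encoding layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("title", []):
        decoded = fully_decode(raw)
        if MARKUP_RE.search(decoded):
            return decoded
    return None

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2021:10:00:00 +0000] "GET /BrowseDirs.do?title=Quarterly+Report HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2021:10:01:00 +0000] "GET /BrowseDirs.do?title=%3Ci%3Eprobe%3C%2Fi%3E HTTP/1.1" 200 530',
    '10.0.0.9 - - [01/Jan/2021:10:02:00 +0000] "GET /BrowseDirs.do?title=%253Ci%253Eprobe%253C%252Fi%253E HTTP/1.1" 200 530',
    '10.0.0.7 - - [01/Jan/2021:10:03:00 +0000] "GET /Other.do?title=%3Ci%3Eprobe%3C%2Fi%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        hit = suspicious_title(line)
        if hit is not None:
            print(f"line {number}: title decodes to {hit!r}")
```
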
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Quest/Policy Authority
- Range: = 8.1.2.200
Patches
No patches discovered yet.
References