{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T08:52:52.044","vulnerabilities":[{"cve":{"id":"CVE-2020-35724","sourceIdentifier":"cve@mitre.org","published":"2021-01-11T03:15:13.977","lastModified":"2024-11-21T05:27:56.743","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"},{"lang":"es","value":"** NO COMPATIBLE CUANDO SE ASIGNÓ ** Una vulnerabilidad de tipo XSS reflejado en Quest Policy Authority versión 8.1.2.200, permite a atacantes remotos inyectar código malicioso en el navegador por medio de un enlace especialmente diseñado en el archivo Error.jsp por medio del parámetro err (o indirectamente por medio de cpr, tcp, o parámetro abs).&#xa0;NOTA: Esta vulnerabilidad solo afecta a los productos que no son compatibles con el mantenedor"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quest:policy_authority_for_unified_communications:8.1.2.200:*:*:*:*:*:*:*","matchCriteriaId":"C4ADC1F4-3790-4182-B1BF-40D1CD51B785"}]}]}],"references":[{"url":"https://clandestinelabs.io/security-advisories/advisory-multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://un4gi.io/blog/multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://clandestinelabs.io/security-advisories/advisory-multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://un4gi.io/blog/multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}