{"vulnerability": "CVE-2020-3520", "sightings": [{"uuid": "56462e29-e16a-4d0a-8f70-4c8221a0a479", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35203", "type": "seen", "source": "https://t.me/cibsecurity/21889", "content": "\u203c CVE-2020-35203 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:12.000000Z"}, {"uuid": "d6cc9666-ca09-45d6-ab5b-51d0694106c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35209", "type": "seen", "source": "https://t.me/cibsecurity/34174", "content": "\u203c CVE-2020-35209 \u203c\n\nAn issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-16T22:36:22.000000Z"}, {"uuid": "344b3dcd-2f6a-41da-b46b-10684f4b8088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35205", "type": "seen", "source": "https://t.me/cibsecurity/21894", "content": "\u203c CVE-2020-35205 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:17.000000Z"}, {"uuid": "f3c1aeb1-85a1-48d6-a100-63d74859a031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35206", "type": "seen", "source": "https://t.me/cibsecurity/21888", "content": "\u203c CVE-2020-35206 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:11.000000Z"}, {"uuid": "8db845df-6500-48ea-a1fd-a5bd47e5bc2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35204", "type": "seen", "source": "https://t.me/cibsecurity/21881", "content": "\u203c CVE-2020-35204 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-11T07:45:02.000000Z"}, {"uuid": "b076f18e-c4bb-4867-aa9d-4f525d8879ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35201", "type": "seen", "source": "https://t.me/cibsecurity/20730", "content": "\u203c CVE-2020-35201 \u203c\n\nIgnite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T20:36:47.000000Z"}, {"uuid": "ecd18f24-676a-43be-8bbb-8f2c3b61b81b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35202", "type": "seen", "source": "https://t.me/cibsecurity/20729", "content": "\u203c CVE-2020-35202 \u203c\n\nIgnite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T20:36:46.000000Z"}, {"uuid": "9479e9d5-d75d-4f35-ba09-0f524f330c1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-35200", "type": "seen", "source": "https://t.me/cibsecurity/20728", "content": "\u203c CVE-2020-35200 \u203c\n\nIgnite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-12T20:36:46.000000Z"}]}