Lucene search
MitreCVELIST:CVE-2020-13260HistorySep 17, 2020 - 7:49 p.m.
CVE-2020-13260
2020-09-1719:49:01
mitre
www.cve.org
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.
Related
cve
cve
CVE-2020-13260
2020-09-17 20:15:13
CVE-2020-13259
2020-09-16 19:15:13
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Rad Secflow-1V Firmware
2020-08-31 13:22:21
prion
prion
Cross site scripting
2020-09-17 20:15:00
Cross site request forgery (csrf)
2020-09-16 19:15:00
cvelist
cvelist
CVE-2020-13259
2020-09-16 18:27:44
packetstorm
packetstorm
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery
2020-09-14 00:00:00
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting
2020-09-14 00:00:00
nvd
nvd
CVE-2020-13259
2020-09-16 19:15:13
CVE-2020-13260
2020-09-17 20:15:13
exploitdb
exploitdb
RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting
2020-09-14 00:00:00
RAD SecFlow-1v SF_0290_2.3.01.26 - Cross-Site Request Forgery (Reboot)
2020-09-14 00:00:00
checkpoint_advisories
checkpoint_advisories
RAD SecFlow-1v Cross Site Request Forgery (CVE-2020-13259)
2020-11-25 00:00:00