Lucene search
PRIOn knowledge basePRION:CVE-2020-13260HistorySep 17, 2020 - 8:15 p.m.
Cross site scripting
2020-09-1720:15:00
PRIOn knowledge base
www.prio-n.com
7
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.
| CPE | Name | Operator | Version |
|---|---|---|---|
| secflow-1v_firmware | eq | osimagesf2902.3.1.26 |
Related
cve
cve
CVE-2020-13260
2020-09-17 20:15:13
CVE-2020-13259
2020-09-16 19:15:13
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Rad Secflow-1V Firmware
2020-08-31 13:22:21
cvelist
cvelist
CVE-2020-13259
2020-09-16 18:27:44
CVE-2020-13260
2020-09-17 19:49:01
packetstorm
packetstorm
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery
2020-09-14 00:00:00
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting
2020-09-14 00:00:00
prion
prion
Cross site request forgery (csrf)
2020-09-16 19:15:00
nvd
nvd
CVE-2020-13260
2020-09-17 20:15:13
CVE-2020-13259
2020-09-16 19:15:13
exploitdb
exploitdb
RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting
2020-09-14 00:00:00
RAD SecFlow-1v SF_0290_2.3.01.26 - Cross-Site Request Forgery (Reboot)
2020-09-14 00:00:00
checkpoint_advisories
checkpoint_advisories
RAD SecFlow-1v Cross Site Request Forgery (CVE-2020-13259)
2020-11-25 00:00:00