Lucene search
K

6 matches found

OSV
OSV
added 2020/09/17 8:15 p.m.3 views

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

6.1CVSS6.8AI score0.01982EPSS
Exploits5References3
CVE
CVE
added 2020/09/17 7:49 p.m.81 views

CVE-2020-13260

The CVE-2020-13260 entry concerns RAD SecFlow-1v web-based management interface (SF_0290_2.3.01.26). A vulnerability allows an authenticated attacker to upload a JavaScript file as a stored XSS payload, which is saved in the system as an OVPN config or a static key file. The payload executes when...

6.1CVSS6.8AI score0.01982EPSS
Exploits5References3Affected Software1
Prion
Prion
added 2020/09/16 7:15 p.m.21 views

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF02902.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on a...

9.3CVSS7.6AI score0.04663EPSS
Exploits7References2Affected Software1
Cvelist
Cvelist
added 2020/09/16 6:27 p.m.60 views

CVE-2020-13259

A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF02902.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on a...

7.7AI score0.04663EPSS
Exploits6References2
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.515 views

RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting

Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...

0.1AI score0.04663EPSS
Exploits7
Exploit DB
Exploit DB
added 2020/09/14 12:0 a.m.592 views

RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting

Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...

9.3CVSS7.4AI score0.04663EPSS
Exploits7
Rows per page
Query Builder