← back
CVE-2020-13260

CVE-2020-13260

EPSS 2.0%
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/48807unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cxsecurity.com/issue/WLB-2020090063https://www.exploit-db.com/exploits/48807https://www.rad.com/products/secflow-1v-IIoT-Gateway#panels-ipe-paneid-143837