How severe is CVE-2020-13409?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2020-13409?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2020-13409 - MEDIUM Severity | CVSS 5.9

Q: What is CVE-2020-13409?

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3)

Vulnerability Description

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3)

Related Vulnerabilities

CVE-2018-6682

MEDIUM

CVSS:5.9(Medium)

Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.

CWE-792018

CVE-2019-14415

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another u...

CWE-792019

CVE-2019-7000

MEDIUM

CVSS:5.9(Medium)

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencin...

CWE-792019

CVE-2020-13407

MEDIUM

CVSS:5.9(Medium)

CWE-792020

CVE-2020-13408

MEDIUM

CVSS:5.9(Medium)

CWE-792020

CVE-2020-3439

MEDIUM

CVSS:5.9(Medium)

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ...

CWE-792020