CVE-2020-13133
MEDIUMTufin SecureChange <R19.3 HF3 & R20-1 HF1 - Stored XSS
Title source: llmDescription
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1
References (2)
Core 2
Core References
Permissions Required x_refsource_misc
https://portal.tufin.com/aspx/SecurityAdvisories
Third Party Advisory x_refsource_misc
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md
Scores
CVSS v3
6.1
EPSS
0.0151
EPSS Percentile
81.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
tufin/securechange
r19-3
tufin/securechange
r20-1
tufin/securechange
< r19-3
Published
Jan 20, 2021
Tracked Since
Feb 18, 2026