Reflected + Stored Cross-Site Scripting (XSS) vulnerability
Publish date
August 2020
Identifier
CVE-2020-13133
Manufacturer
Tufin
Product
SecureChange
Patched
https://portal.tufin.com/aspx/SecurityAdvisories R19.3 HF3 + R20.1 HF1
Authors
Andrej Šimko of Accenture
Description
Reflected + Stored Cross-Site Scripting (XSS) vulnerability in Tufin SecureChange, affecting all versions prior to 19.3 HF3. Fixed in version 19.3 HF3. To exploit the vulnerability, an attacker needs admin privileges.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13133