PT-2021-9604 · Tufin · Tufin Securetrack

Published

2021-02-09

·

Updated

2021-03-08

·

CVE-2020-13408

CVSS v3.1

5.9

Medium

Vector

AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Tufin SecureTrack versions prior to R20-2 GA
Description

The issue concerns reflected and stored cross-site scripting (XSS): an injected value is both reflected back to the user in the response and stored in the database, from where it can later be triggered again by the same victim or by other users. Because both the reflected and the stored payload execute in an administrator's browser session, a malicious non-authenticated user who gets an administrator to open a crafted request could potentially gain admin-level access. Likewise, a malicious low-privileged user can inject a stored payload that is executed when an administrator views it, potentially leading to elevated privileges and admin access.
Recommendations

For Tufin SecureTrack versions prior to R20-2 GA, update to version R20-2 GA or later to resolve the issue.
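To make the bug class in the description concrete, here is an added JavaScript example; it is not Tufin's code and does not reproduce the SecureTrack vulnerability. A toy admin view renders a search term (the reflected path) and stored display names (the stored path) into HTML. One unescaped interpolation gives both payloads a way into the administrator's browser; escaping at the HTML sink removes both. The user store, display name, payload and the admin endpoint it targets are all constructed for illustration.

```javascript
// Added example (not the vendor's code): reflected and stored XSS from one
// unescaped HTML interpolation, and the output-encoding fix.
const users = new Map(); // constructed stand-in for the application's database

// A low-privileged user may set their own display name; it is stored verbatim.
// Storing raw input is fine; the bug is failing to encode it when it is rendered.
function setDisplayName(userId, name) {
  users.set(userId, { displayName: name });
}

// Vulnerable: untrusted data is dropped straight into HTML. `q` comes from the
// request (reflected); `displayName` comes from the database (stored). Both
// reach whoever views the page, including an administrator.
function renderUserListVulnerable(q) {
  const rows = [...users.entries()]
    .map(([id, u]) => `<tr><td>${id}</td><td>${u.displayName}</td></tr>`)
    .join("");
  return `<p>Results for: ${q}</p><table>${rows}</table>`;
}

// Hardened: encode for the HTML text context at the point of output.
function escapeHtml(s) {
  return String(s).replace(/[&<>"'\/]/g, (c) => ({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
    "/": "&#x2F;",
  }[c]));
}

function renderUserListHardened(q) {
  const rows = [...users.entries()]
    .map(([id, u]) => `<tr><td>${escapeHtml(id)}</td><td>${escapeHtml(u.displayName)}</td></tr>`)
    .join("");
  return `<p>Results for: ${escapeHtml(q)}</p><table>${rows}</table>`;
}

// Constructed payload: if it ran in an administrator's browser it would call an
// admin-only endpoint with the administrator's session. The endpoint is made up.
const payload =
  '<script>fetch("/api/admin/users",{method:"POST",body:"user=lowpriv&role=admin"})</script>';

// Does the rendered HTML still contain an executable <script> element?
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// Store the payload as a low-privileged user's display name and also pass it
// as the search term, then render the admin view both ways.
function demo() {
  setDisplayName("lowpriv", payload);
  const vulnerable = renderUserListVulnerable(payload);
  const hardened = renderUserListHardened(payload);
  return {
    vulnerable: containsLiveScript(vulnerable), // true: payload survives twice
    hardened: containsLiveScript(hardened),     // false: rendered as inert text
  };
}

console.log(demo());
```

Two points the example is meant to show. First, the stored and reflected variants share one root cause, so a fix that only sanitizes the request parameter leaves the database-sourced copy live; encode at the sink, not at the input. Second, `escapeHtml` is correct only for the HTML text and quoted-attribute contexts; a value placed into a JavaScript block, a URL, or CSS needs the encoder for that context. Session cookies marked HttpOnly and a Content-Security-Policy that disallows inline scripts limit what a payload can do if one interpolation is missed, but they do not replace the encoding.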

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-13408

Affected Products

Tufin Securetrack