rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-18T13:00:17

Updated: 2024-08-04T11:48:58.505Z

Reserved: 2020-04-26T00:00:00

Link: CVE-2020-12259

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-05-18T13:15:10.893

Modified: 2024-11-21T04:59:23.867

Link: CVE-2020-12259

cve-icon Redhat

No data.