Lucene search

K
cvelistMitreCVELIST:CVE-2020-12256
HistoryMay 18, 2020 - 2:03 p.m.

CVE-2020-12256

2020-05-1814:03:51
mitre
www.cve.org

6.2 Medium

AI Score

Confidence

High

0.175 Low

EPSS

Percentile

96.2%

rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.

6.2 Medium

AI Score

Confidence

High

0.175 Low

EPSS

Percentile

96.2%