4 matches found
rConfig 3.9.4 - Cross-Site Scripting
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php id: CVE-2020-12259 info: name: rConfig 3.9.4 - Cross-Site Scripting...
CVE-2020-12259
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php...
CVE-2020-12259
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php...
CVE-2020-12259
CVE-2020-12259 affects rConfig 3.9.4. The issue is a reflected XSS in the file devicemgmnt.php, caused by improper validation of the rid GET parameter, allowing an attacker to inject arbitrary JavaScript. The NUCLEI template confirms the vulnerability and describes the impact as reflected XSS. Re...