CVE-2020-12256: XSS
First published: Mon May 18 2020(Updated: )
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | =3.9.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this rConfig vulnerability?
The vulnerability ID for this rConfig vulnerability is CVE-2020-12256.
What is the severity level of CVE-2020-12256?
CVE-2020-12256 has a severity level of medium.
How does this vulnerability affect rConfig?
This vulnerability affects rConfig version 3.9.4.
What is the CWE ID associated with CVE-2020-12256?
The CWE ID associated with CVE-2020-12256 is CWE-79.
How can an attacker exploit CVE-2020-12256?
An attacker can exploit CVE-2020-12256 by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.4