CVE-2020-25352: XSS
First published: Fri Aug 20 2021(Updated: )
A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | =3.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-25352?
CVE-2020-25352 is a stored cross-site scripting (XSS) vulnerability in the /devices.php function in rConfig 3.9.5.
How severe is CVE-2020-25352?
CVE-2020-25352 has a severity score of 5.4, which is categorized as medium.
How does CVE-2020-25352 affect rConfig?
CVE-2020-25352 allows remote attackers to perform arbitrary JavaScript execution through entering a crafted payload into the 'Model' field in rConfig 3.9.5.
Has CVE-2020-25352 been fixed?
Yes, CVE-2020-25352 has been fixed in rConfig version 3.9.6.
What is the CWE ID for CVE-2020-25352?
The CWE ID for CVE-2020-25352 is CWE-79.
- collector/nvd-index
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.5