CVE-2020-12259

MEDIUM NUCLEI

rConfig - XSS

Title source: rule

Description

rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.

Nuclei Templates (1)

rConfig 3.9.4 - Cross-Site Scripting
MEDIUM VERIFIED by r3Y3r53
Shodan: http.title:"rConfig" || http.title:"rconfig"
FOFA: title="rconfig"

Scores

CVSS v3 5.4
EPSS 0.6831
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
rconfig/rconfig 3.9.4
Published May 18, 2020
Tracked Since Feb 18, 2026