rConfig 3.9.4 is vulnerable to reflected XSS. The...
Low severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
May 18, 2020
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 29, 2023
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.
References