CVE-2020-12259

{"id": "CVE-2020-12259", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-05-18T13:15:10.893", "references": [{"url": "https://gist.github.com/farid007/8855031bad0e497264e4879efb5bc9f8", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/farid007/8855031bad0e497264e4879efb5bc9f8", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php."}, {"lang": "es", "value": "rConfig versi\u00f3n 3.9.4 es vulnerable a un ataque de tipo XSS reflejado. El archivo configDevice.php comprueba inapropiadamente las entradas de usuario. Un atacante puede explotar esta vulnerabilidad creando un JavaScript arbitrario en el par\u00e1metro GET rid del archivo devicemgmnt.php."}], "lastModified": "2024-11-21T04:59:23.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B529174-50B3-491D-BEA0-5A0EC8BF45B6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}