CVE-2020-12256
Description
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.
NVD
Severity: MEDIUM
CVE ID: CVE-2020-12256
CVSS Score: 5.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Proof Of Concept
Nuclei Templates for CVE-2020-12256
Refrence: Project Discovery GitHub