Vulnerabilities > Rconfig > Rconfig > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-27 | CVE-2023-24366 | Unspecified vulnerability in Rconfig 6.8.0 An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request. | 6.5 |
| 2021-10-11 | CVE-2021-29006 | Path Traversal vulnerability in Rconfig 3.9.6 rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. | 6.5 |
| 2021-08-20 | CVE-2020-25351 | Files or Directories Accessible to External Parties vulnerability in Rconfig 3.9.5 An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. | 6.5 |
| 2021-08-20 | CVE-2020-25352 | Cross-site Scripting vulnerability in Rconfig 3.9.5 A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. | 5.4 |
| 2021-08-20 | CVE-2020-25353 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.5 A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. | 6.5 |
| 2020-07-28 | CVE-2020-15712 | Path Traversal vulnerability in Rconfig 3.9.5 rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. | 4.3 |
| 2020-05-18 | CVE-2020-12256 | Cross-site Scripting vulnerability in Rconfig 3.9.4 rConfig 3.9.4 is vulnerable to reflected XSS. | 5.4 |
| 2020-05-18 | CVE-2020-12259 | Cross-site Scripting vulnerability in Rconfig 3.9.4 rConfig 3.9.4 is vulnerable to reflected XSS. | 5.4 |