CVE-2020-15883

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-15883
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15883.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15883
Aliases
Published
2020-07-23T14:15:12Z
Modified
2025-07-01T23:52:18.294316Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).

References

Affected packages

Git / github.com/munkireport/managedinstalls

Affected ranges

Type
GIT
Repo
https://github.com/munkireport/managedinstalls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://github.com/munkireport/munkireport-php
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.9.0

2.*

2.0.0.336
2.0.1.353
2.0.10
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9

V2.*

V2.3

Other

mr3_base_201708
wip-20180701

v1.*

v1.1
v1.2

v2.*

v2.0
v2.0.11
v2.0.2.369
v2.0.3
v2.1
v2.1.0
v2.10.0
v2.10.1
v2.11.0
v2.12.0
v2.13.0
v2.13.1
v2.13.2
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.15.0
v2.15.1
v2.15.2
v2.2
v2.2.0
v2.3.0
v2.4
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.7.1
v2.7.2
v2.7.3
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.9.0
v2.9.1
v2.9.2

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.1.0
v3.1.1
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.3.0
v3.3.1

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0
v4.2.1
v4.2.2
v4.3.0RC2
v4.3.1
v4.3.2
v4.3.3
v4.3.4

v5.*

v5.0.0
v5.0.1
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.2.0
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.4.0
v5.4.1
v5.5.0
v5.5.1
v5.6.0
v5.6.1
v5.6.2