CVE-2020-15883

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15883

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15883.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15883

Aliases

GHSA-79xr-v794-wq35

Published

2020-07-23T14:15:12Z

Modified

2025-01-14T08:32:39.903962Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).

References

Affected packages

Git / github.com/munkireport/managedinstalls

Affected ranges

Type: GIT
Repo: https://github.com/munkireport/managedinstalls
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

708f6a2abc4b80a3751bcc9cf896f80d84250c55

Affected versions

V2.*

V2.3

v1.*

v1.1

v1.2

v2.*

v2.0

v2.1

v2.2

v2.4

v2.5