CVE-2020-15885

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15885

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15885.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15885

Aliases

GHSA-vc4f-2g7f-pmqr

Published

2020-07-23T14:15:12.477Z

Modified

2026-02-20T02:29:39.456705Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.

References

Affected packages

Git / github.com/munkireport/munkireport-php

Affected ranges

Type: GIT
Repo: https://github.com/munkireport/munkireport-php
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

dc7cb866e74670aea83e16c63e8b68919ac69928

Affected versions

0.*

0.9.0

2.*

2.0.0.336

2.0.1.353

2.0.10

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

Other

mr3_base_201708

wip-20180701

v2.*

v2.0.11

v2.0.2.369

v2.0.3

v2.1.0

v2.10.0

v2.10.1

v2.11.0

v2.12.0

v2.13.0

v2.13.1

v2.13.2

v2.14.0

v2.14.1

v2.14.2

v2.14.3

v2.15.0

v2.15.1

v2.15.2

v2.2.0

v2.3.0

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.6.0

v2.7.1

v2.7.2

v2.7.3

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.9.0

v2.9.1

v2.9.2

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.1.1

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.3.0

v3.3.1

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.2.0

v4.2.1

v4.2.2

v4.3.0RC2

v4.3.1

v4.3.2

v4.3.3

v4.3.4

v5.*

v5.0.0

v5.0.1

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.1.5

v5.2.0

v5.3.0

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.3.5

v5.4.0

v5.4.1

v5.5.0

v5.5.1

v5.6.0

v5.6.1

v5.6.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15885.json"