CVE-2020-15883 – munkireport/managedinstalls

Package

Manager: composer
Name: munkireport/managedinstalls
Vulnerable Version: >=0 <2.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00528 pctl0.66258

Details

MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).

Metadata

Created: 2022-05-24T17:24:15Z
Modified: 2023-11-15T20:24:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-79xr-v794-wq35/GHSA-79xr-v794-wq35.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-79xr-v794-wq35
Finding: F008
Auto approve: 1