CVE-2020-15883

Опубликовано: 23 июл. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).

Ссылки

https://github.com/munkireport/managedinstalls/releases/tag/v2.6
Release Notes
Third Party Advisory
https://github.com/munkireport/munkireport-php
Third Party Advisory
https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3
Release Notes
Third Party Advisory
https://github.com/munkireport/munkireport-php/wiki/20200722-Reflected-XSS-In-Managedinstalls-Module
Third Party Advisory
https://github.com/munkireport/managedinstalls/releases/tag/v2.6
Release Notes
Third Party Advisory
https://github.com/munkireport/munkireport-php
Third Party Advisory
https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3
Release Notes
Third Party Advisory
https://github.com/munkireport/munkireport-php/wiki/20200722-Reflected-XSS-In-Managedinstalls-Module
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:managedinstalls_project:managedinstalls:*:*:*:*:*:munkireport:*:*

Версия до 2.6 (исключая)

EPSS

Процентиль: 67%

0.00528

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-79xr-v794-wq35