CVE-2020-15885

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/munkireport/managedinstalls

Identifiers

GHSA-vc4f-2g7f-pmqr, CVE-2020-15885

Package Slug

packagist/munkireport/managedinstalls

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.

Affected Versions

All versions before 2.6

Solution

Upgrade to version 2.6 or above.

Last Modified

2023-11-16

source