CVE-2020-15885

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/munkireport/munkireport

Identifiers

GHSA-vc4f-2g7f-pmqr, CVE-2020-15885

Package Slug

packagist/munkireport/munkireport

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.

Affected Versions

All versions starting from 2.5.3 before 5.6.3

Solution

Upgrade to version 5.6.3 or above.

Last Modified

2023-11-16

source