Vulnerability Details CVE-2020-15885
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/munkireport/comment/releases
- https://github.com/munkireport/munkireport-php
- https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3
- https://github.com/munkireport/munkireport-php/wiki/20200722--XSS-Filter-Bypass-On-Comments
- https://github.com/munkireport/comment/releases
- https://github.com/munkireport/munkireport-php
- https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3
- https://github.com/munkireport/munkireport-php/wiki/20200722--XSS-Filter-Bypass-On-Comments
Products affected by CVE-2020-15885
-
cpe:2.3:a:munkireport_project:comment:*