CVE-2020-10192

2020-03-09T19:15:00
ID CVE-2020-10192
Type cve
Reporter cve@mitre.org
Modified 2020-03-10T16:15:00

Description

An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php.