A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).
github.com/munkireport/managedinstalls/commit/708f6a2abc4b80a3751bcc9cf896f80d84250c55
github.com/munkireport/managedinstalls/releases/tag/v2.6
github.com/munkireport/munkireport-php
github.com/munkireport/munkireport-php/releases/tag/v5.6.3
github.com/munkireport/munkireport-php/wiki/20200722-Reflected-XSS-In-Managedinstalls-Module
nvd.nist.gov/vuln/detail/CVE-2020-15883