Lucene search

GoogleOSV:GHSA-X9Q4-5F3C-CW62

HistoryMay 24, 2022 - 5:24 p.m.

MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability

2022-05-2417:24:15

Google

osv.dev

munkireport

munki_facts

cross-site scripting

xss

vulnerability

remote attackers

web script

html

software

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

53.5%

JSON

A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name.

References

github.com/munkireport/munkireport-php

github.com/munkireport/munkireport-php/releases/tag/v5.6.3

github.com/munkireport/munkireport-php/wiki/20200722-munki_facts-XSS

github.com/munkireport/munki_facts

github.com/munkireport/munki_facts/releases

nvd.nist.gov/vuln/detail/CVE-2020-15881