CVE-2020-10192

An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/brokenclient endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php...

EUVD-2020-7860

Malware in sbrugna...

EUVD-2020-7861

Malware in sbrugna...

EUVD-2020-2652

Malware in sbrugna...

EUVD-2022-5756

Malicious code in bioql PyPI...

EUVD-2022-2968

Malicious code in bioql PyPI...

EUVD-2022-2428

Malicious code in bioql PyPI...

EUVD-2022-5333

Malicious code in bioql PyPI...

CVE-2020-15887

A SQL injection vulnerability in softwareupdatecontroller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/gettabdata/ endpoint...

CVE-2020-15882

A CSRF issue in manager/deletemachine/id in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database...

CVE-2020-15886

A SQL injection vulnerability in reportdatacontroller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint...

CVE-2020-15884

A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order0dir field on POST requests to /datatables/data...

GHSA-79XR-V794-WQ35 MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting XSS vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters through which installed packages names and versions are reported...

GHSA-VC4F-2G7F-PMQR MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment

A Cross-Site Scripting XSS vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...

MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment

A Cross-Site Scripting XSS vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...

MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting XSS vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters through which installed packages names and versions are reported...

MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting XSS vulnerability in the munkifacts aka Munki Conditions module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name...

MunkiReport Software Update module is vulnerable to SQL injection

A SQL injection vulnerability in softwareupdatecontroller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/gettabdata/ endpoint...

MunkiReport reportdata module SQL injection vulnerability

A SQL injection vulnerability in reportdatacontroller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint...

GHSA-QVW9-6567-WQ78 MunkiReport reportdata module SQL injection vulnerability

A SQL injection vulnerability in reportdatacontroller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint...