CVE-2020-10192

An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/brokenclient endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php...

EUVD-2020-2653

Malware in sbrugna...

EUVD-2020-7860

Malware in sbrugna...

EUVD-2020-7861

Malware in sbrugna...

EUVD-2020-2651

Malware in sbrugna...

EUVD-2020-2652

Malware in sbrugna...

EUVD-2022-5040

Malicious code in bioql PyPI...

EUVD-2022-2968

Malicious code in bioql PyPI...

EUVD-2022-2428

Malicious code in bioql PyPI...

EUVD-2022-5333

Malicious code in bioql PyPI...

EUVD-2022-5756

Malicious code in bioql PyPI...

CVE-2020-15885

A Cross-Site Scripting XSS vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...

CVE-2020-15887

A SQL injection vulnerability in softwareupdatecontroller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/gettabdata/ endpoint...

CVE-2020-15882

A CSRF issue in manager/deletemachine/id in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database...

CVE-2020-10190

An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint...

CVE-2020-15886

A SQL injection vulnerability in reportdatacontroller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint...

CVE-2020-15884

A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order0dir field on POST requests to /datatables/data...

CVE-2020-10191

An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail...

MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting XSS vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters through which installed packages names and versions are reported...

GHSA-X9Q4-5F3C-CW62 MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting XSS vulnerability in the munkifacts aka Munki Conditions module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name...