Vulnerabilities (CVE)

Filtered by vendor Munkireport Project Subscribe

Filtered by product Munkireport

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-10191	1 Munkireport Project	1 Munkireport	2020-03-10	3.5 LOW	5.4 MEDIUM
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail.
CVE-2020-10192	1 Munkireport Project	1 Munkireport	2020-03-10	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php.