20200722 Reflected XSS In Managedinstalls Module

Arjen van Bochoven edited this page Jul 22, 2020 · 1 revision

Reflected XSS In Managedinstalls Module - CVE-2020-15883

Description

Reflected cross-site scripting (XSS) is a client-side vulnerability that allows arbitrary JavaScript execution when request parameters are reflected in the body of the response. The application fails to escape dangerous characters from the URL while building the page. This could allow client-side code execution and arbitrary operations in the context of the user when they click a malicious link from the trusted application.

Vulnerable: MunkiReport versions from 2.5.3 to 5.6.2.

Mitigation

Update MunkiReport to the latest version (Preferred)

If updating to the latest version is not possible:

  • Update the managedinstalls module to v2.6
  • Or disable the managedinstalls module by removing it from the MODULES= setting in the server config.
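
The check below classifies a server against the affected version range and the mitigations listed above. It is an added example, not MunkiReport code: it assumes the server config holds a dotenv-style `MODULES=` line with comma-separated module names, that the operator supplies the installed managedinstalls module version, and the function names and sample config are constructed for illustration.

```python
import re

# Affected core range and fixed module version, as stated in this advisory.
FIRST_VULNERABLE = (2, 5, 3)
LAST_VULNERABLE = (5, 6, 2)
FIXED_MODULE = (2, 6)

# Constructed sample config, not taken from a real server.
SAMPLE_ENV = 'SITENAME="Example"\nMODULES="munkireport, managedinstalls, disk_report"\n'


def parse_version(text, width):
    """Turn '5.6.2' into (5, 6, 2), padded or truncated to `width` numeric parts."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:width]]
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(parts + [0] * (width - len(parts)))


def enabled_modules(config_text):
    """Return module names from the last active MODULES= line, or None if unset."""
    modules = None
    for line in config_text.splitlines():
        match = re.match(r"\s*MODULES\s*=\s*(.*)$", line)  # '#'-commented lines do not match
        if match:
            value = match.group(1).split("#", 1)[0].strip().strip("\"'")
            modules = [m.strip() for m in value.split(",") if m.strip()]
    return modules


def assess(core_version, config_text, module_version=None):
    """Classify a server against the advisory's version range and mitigations."""
    core = parse_version(core_version, 3)
    if not FIRST_VULNERABLE <= core <= LAST_VULNERABLE:
        return "not affected: core version outside the advisory's range"
    modules = enabled_modules(config_text)
    if modules is None:
        return "unknown: no MODULES= line found, check the module list manually"
    if "managedinstalls" not in modules:
        return "mitigated: managedinstalls module is disabled"
    # Assumption: module releases after v2.6 keep the fix.
    if module_version and parse_version(module_version, 2) >= FIXED_MODULE:
        return "mitigated: managedinstalls module is v2.6 or later"
    return "exposed: update MunkiReport or the managedinstalls module"


if __name__ == "__main__":
    print(assess("5.6.2", SAMPLE_ENV))
```
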