munkireport_project CVE 脆弱性と CVE 一覧(6)

製品(CPE): — CVE 件数: 6

munkireport_project 脆弱性概要

munkireport_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は vendor risk cross-site scripting、vendor risk sql injection, and vendor risk csrf に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise and vendor impact data exposure などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 16 / 6 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2020-15885 A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment. [email protected] 5.4 0.94% 2020-07-23 2026-06-16
CVE-2020-15884 A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. [email protected] 8.8 1.23% 2020-07-23 2026-06-16
CVE-2020-15882 A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. [email protected] 8.1 0.62% 2020-07-23 2026-06-16
CVE-2020-10192 An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php. [email protected] 6.1 0.75% 2020-03-09 2026-06-16
CVE-2020-10191 An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail. [email protected] 5.4 0.57% 2020-03-09 2026-06-16
CVE-2020-10190 An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. [email protected] 8.8 1.24% 2020-03-09 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence