Munkireport Project
munkireport_project
6 CVEs • 2 products
Products (2)
Click to collapseToggle
Products (2)
Click to collapse
CVEs (6)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment. |
1Munkireport Project 1Munkireport Jun 17, 2026 Jul 23, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. |
1Munkireport Project 1Munkireport Jun 17, 2026 Jul 23, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. |
1Munkireport Project 1Munkireport Jun 17, 2026 Mar 9, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsin...Show more |
1Munkireport Project 1Munkireport Jun 17, 2026 Mar 9, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the ap...Show more |
1Munkireport Project 1Munkireport Jun 17, 2026 Mar 9, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. |