An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-09T18:14:41
Updated: 2024-08-04T10:58:39.077Z
Reserved: 2020-03-06T00:00:00
Link: CVE-2020-10192
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-03-09T19:15:15.113
Modified: 2020-03-10T16:15:25.820
Link: CVE-2020-10192
Redhat
No data.