Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/munkireport/managedinstalls@2.0

Type composer

Namespace munkireport

Name managedinstalls

Version 2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.6

Latest_non_vulnerable_version 2.6

Affected_by_vulnerabilities

url VCID-t5ga-y6rr-ukg4

vulnerability_id VCID-t5ga-y6rr-ukg4

summary

MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability
A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15883

reference_id

reference_type

scores

value	0.00528
scoring_system	epss
scoring_elements	0.67554
published_at	2026-06-05T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67548
published_at	2026-06-09T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67532
published_at	2026-06-08T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67549
published_at	2026-06-07T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.6756
published_at	2026-06-06T12:55:00Z

value	0.00528
scoring_system	epss
scoring_elements	0.67512
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15883

reference_url

https://github.com/munkireport/managedinstalls

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/managedinstalls

reference_url

https://github.com/munkireport/managedinstalls/commit/708f6a2abc4b80a3751bcc9cf896f80d84250c55

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/managedinstalls/commit/708f6a2abc4b80a3751bcc9cf896f80d84250c55

reference_url

https://github.com/munkireport/managedinstalls/releases/tag/v2.6

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/managedinstalls/releases/tag/v2.6

reference_url

https://github.com/munkireport/munkireport-php

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/munkireport-php

reference_url

https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3

reference_url

https://github.com/munkireport/munkireport-php/wiki/20200722-Reflected-XSS-In-Managedinstalls-Module

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/munkireport-php/wiki/20200722-Reflected-XSS-In-Managedinstalls-Module

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15883

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15883

reference_url

https://github.com/advisories/GHSA-79xr-v794-wq35

reference_id

GHSA-79xr-v794-wq35

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-79xr-v794-wq35

fixed_packages

url	pkg:composer/munkireport/managedinstalls@2.6.0
purl	pkg:composer/munkireport/managedinstalls@2.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/munkireport/managedinstalls@2.6.0

url	pkg:composer/munkireport/managedinstalls@2.6
purl	pkg:composer/munkireport/managedinstalls@2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/munkireport/managedinstalls@2.6

aliases CVE-2020-15883, GHSA-79xr-v794-wq35

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5ga-y6rr-ukg4

url VCID-y41s-y263-7yeq

vulnerability_id VCID-y41s-y263-7yeq

summary

MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15885

reference_id

reference_type

scores

value	0.0027
scoring_system	epss
scoring_elements	0.50647
published_at	2026-06-04T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50679
published_at	2026-06-09T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50663
published_at	2026-06-08T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50693
published_at	2026-06-07T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50713
published_at	2026-06-06T12:55:00Z

value	0.0027
scoring_system	epss
scoring_elements	0.50708
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15885

reference_url

https://github.com/munkireport/comment

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/comment

reference_url

https://github.com/munkireport/comment/commit/ee4c1cd28fdcb42eb24c0cfea24ddf02478f9869

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/comment/commit/ee4c1cd28fdcb42eb24c0cfea24ddf02478f9869

reference_url

https://github.com/munkireport/comment/releases

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/comment/releases

reference_url	https://github.com/munkireport/managedinstalls/commit/708f6a2abc4b80a3751bcc9cf896f80d84250c55
reference_id
reference_type
scores
url	https://github.com/munkireport/managedinstalls/commit/708f6a2abc4b80a3751bcc9cf896f80d84250c55

reference_url

https://github.com/munkireport/munkireport-php

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/munkireport-php

reference_url

https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/munkireport-php/releases/tag/v5.6.3

reference_url

https://github.com/munkireport/munkireport-php/wiki/20200722--XSS-Filter-Bypass-On-Comments

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/munkireport/munkireport-php/wiki/20200722--XSS-Filter-Bypass-On-Comments

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15885

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15885

reference_url

https://github.com/advisories/GHSA-vc4f-2g7f-pmqr

reference_id

GHSA-vc4f-2g7f-pmqr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vc4f-2g7f-pmqr

fixed_packages

url	pkg:composer/munkireport/managedinstalls@2.6.0
purl	pkg:composer/munkireport/managedinstalls@2.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/munkireport/managedinstalls@2.6.0

url	pkg:composer/munkireport/managedinstalls@2.6
purl	pkg:composer/munkireport/managedinstalls@2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/munkireport/managedinstalls@2.6

aliases CVE-2020-15885, GHSA-vc4f-2g7f-pmqr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y41s-y263-7yeq

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/munkireport/managedinstalls@2.0

Package Instance