Moderate severityNVD Advisory· Published Jul 23, 2020· Updated Aug 4, 2024
CVE-2020-15885
CVE-2020-15885
Description
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
munkireport/commentPackagist | < 4.0 | 4.0 |
Affected products
2- MunkiReport/comment moduledescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-vc4f-2g7f-pmqrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-15885ghsaADVISORY
- github.com/munkireport/comment/commit/ee4c1cd28fdcb42eb24c0cfea24ddf02478f9869ghsaWEB
- github.com/munkireport/comment/releasesghsax_refsource_MISCWEB
- github.com/munkireport/munkireport-php/releases/tag/v5.6.3ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.