Miggo Logo

CVE-2020-15885: MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment

5.4

CVSS Score
3.1

Basic Information

EPSS Score
0.50811%
Published
5/24/2022
Updated
11/15/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
munkireport/commentcomposer< 4.14.1
munkireport/managedinstallscomposer< 2.62.6
munkireport/munkireportcomposer>= 2.5.3, < 5.6.35.6.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided commit diff for the managedinstalls module shows critical changes to input handling. In managedinstalls_controller.php, rawurldecode() was replaced with addslashes() to escape quotes, and in managedinstalls_functions.js, decodeURIComponent() was added to safely handle URL parameters. These fixes directly address XSS vulnerabilities caused by unescaped user input being reflected in the UI. The vulnerability title specifically mentions the comment module, but the analyzed commit and diff pertain to the managedinstalls module, which is also listed as affected in the advisory. The changes in these functions align with the described XSS filter bypass mechanism, confirming their role in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *ross-Sit* S*riptin* (XSS) vuln*r**ility in t** *omm*nt mo*ul* ***or* *.* *or MunkiR*port *llows r*mot* *tt**k*rs to inj**t *r*itr*ry w** s*ript or *TML *y postin* * n*w *omm*nt.

Reasoning

T** provi*** *ommit *i** *or t** m*n****inst*lls mo*ul* s*ows *riti**l ***n**s to input **n*lin*. In m*n****inst*lls_*ontroll*r.p*p, r*wurl***o**() w*s r*pl**** wit* ***sl*s**s() to *s**p* quot*s, *n* in m*n****inst*lls_*un*tions.js, ***o**URI*ompon*