Nitokhantonio

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to edit a department, given the `id`, via a crafted request to the "admin/manage-departments.php" endpoint. This is made possible by a CSRF weakness. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the "admin/manage-departments.php" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in admin/edit-field.php through the addition of a question mark (?) followed by the payload. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider restricting access to the admin/edit-field.php endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the admin/header.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/manage-comments.php. This can be achieved by adding a question mark (?) followed by the payload. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input in the admin/header.php file to prevent the injection of arbitrary web script or HTML. As a temporary workaround, restrict access to the admin/manage-comments.php page until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in admin/manage-departments.php through the addition of a question mark (?) followed by the payload. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input to prevent the injection of malicious scripts or HTML. As a temporary workaround, restrict access to the admin/manage-departments.php page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in admin/manage-feedbacks.php through the addition of a question mark (?) followed by the payload. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input in the admin/header.php file to prevent malicious URI handling. As a temporary workaround, restrict access to the admin/manage-feedbacks.php endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/manage-users.php by adding a question mark (?) followed by the payload, enabling the injection of arbitrary web script or HTML. **Recommendations** For version 9, update the admin/header.php file to properly handle URIs and prevent Reflected XSS attacks. As a temporary workaround, consider validating and sanitizing user input in the admin/manage-users.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in admin/report-article-discussed.php through the addition of a question mark (?) followed by the payload. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input in the URI handling mechanism to prevent the injection of malicious scripts. As a temporary workaround, restrict access to the admin/report-article-discussed.php page until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in admin/report-failed-login.php through the addition of a question mark (?) followed by the payload. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider restricting access to the admin/report-failed-login.php endpoint until a proper fix is applied, and ensure proper input validation and sanitization for all URI handling in admin/header.php to prevent Reflected XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/report-referrers.php. This can be achieved by adding a question mark (?) followed by the payload. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider restricting access to the admin/report-referrers.php page until a proper fix is applied, and ensure proper input validation and sanitization for URIs in admin/header.php to prevent Reflected XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to inject arbitrary web script or HTML via the `p` parameter in the `admin/edit-template.php` file. This can be exploited by attackers to inject malicious code. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input for the `p` parameter in the `admin/edit-template.php` file to prevent code injection. As a temporary workaround, restrict access to the `admin/edit-template.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to inject arbitrary web script or HTML via the GET parameter `p` in the `admin/edit-article.php` file. This enables reflected XSS attacks. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input for the `p` parameter in the `admin/edit-article.php` file to prevent XSS attacks. As a temporary workaround, restrict access to the `admin/edit-article.php` file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to inject arbitrary web script or HTML via the `p` parameter in the `admin/edit-glossary.php` file. This enables reflected XSS attacks. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input for the `p` parameter in the `admin/edit-glossary.php` file to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to the `admin/edit-glossary.php` file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to inject arbitrary web script or HTML via the `sort` GET parameter in the admin/manage-tickets.php file. This can lead to reflected XSS attacks. **Recommendations** For version 9, ensure proper input validation and sanitization of the `sort` parameter in the admin/manage-tickets.php file to prevent injection of malicious scripts. Consider implementing a web application firewall (WAF) to detect and prevent XSS attacks. As a temporary workaround, consider restricting access to the admin/manage-tickets.php file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to inject arbitrary web script or HTML via the `sort` parameter in the admin/manage-news.php file. This can lead to reflected XSS attacks. **Recommendations** For version 9, update the admin/manage-news.php file to properly sanitize the `sort` parameter to prevent injection of arbitrary web script or HTML. As a temporary workaround, consider restricting access to the admin/manage-news.php file until a patch is available. Avoid using the `sort` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to add a new glossary term via a crafted request to the `admin/add-glossary.php` endpoint. This is made possible by a CSRF weakness. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms, such as tokens, to prevent unauthorized requests to the `admin/add-glossary.php` endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to post a comment on any article via a crafted request to the `admin/ajax-hub.php` endpoint. This is made possible by a CSRF weakness. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms to prevent attackers from posting unauthorized comments. As a temporary workaround, restrict access to the `admin/ajax-hub.php` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/add-glossary.php by adding a question mark (?) followed by the payload, enabling the injection of arbitrary web script or HTML. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input in the admin/header.php file to prevent malicious URI handling. As a temporary workaround, restrict access to the admin/add-glossary.php page until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to add a department via a crafted request to the `admin/manage-departments.php` endpoint. This is made possible by a CSRF weakness. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms to prevent attackers from sending crafted requests to the `admin/manage-departments.php` endpoint. As a temporary workaround, restrict access to the `admin/manage-departments.php` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to reply to any ticket, given the `id`, via a crafted request to the "admin/reply-ticket.php" endpoint. This is made possible by a CSRF weakness in the software. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms to prevent attackers from replying to tickets via crafted requests. As a temporary workaround, restrict access to the "admin/reply-ticket.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Chadha PHPKB Standard Multi-Language version 9 **Description** The issue allows attackers to delete a glossary term via a crafted request to the `admin/manage-glossary.php` endpoint. This is made possible by a CSRF flaw. **Recommendations** For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the `admin/manage-glossary.php` endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.