PT-2020-12058 · Chadha · Phpkb Standard Multi-Language

Published: 2020-03-12 · Updated: 2022-08-19 · CVE-2020-10388

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Chadha PHPKB Standard Multi-Language version 9

Description

The issue concerns the handling of the Referer header in article.php, allowing attackers to execute Stored (Blind) XSS by injecting arbitrary web script or HTML. This is specifically related to the admin/report-referrers.php file, with the vulnerable code located in the admin/include/functions-articles.php file.

Recommendations

For version 9, consider restricting access to the admin/report-referrers.php file and the functions-articles.php module to minimize the risk of exploitation until a proper fix is applied. As a temporary workaround, disabling the handling of the Referer header in article.php may help mitigate the issue.
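
The defect class described above (a request header stored and later rendered in an admin report) is closed by validating the value before storage and HTML-encoding it when the report is rendered. The sketch below is an added example, not PHPKB code or the vendor's fix; the function names `normalize_referer` and `render_referrer_row` are hypothetical and the sample values are constructed.

```php
<?php
declare(strict_types=1);
// Added illustration, not PHPKB source. Function names are hypothetical.

/** Validate a Referer header before storing it; null means "do not store". */
function normalize_referer(?string $raw, int $maxLen = 2048): ?string
{
    if ($raw === null || $raw === '' || strlen($raw) > $maxLen) {
        return null;
    }
    // Drop control characters and values that are not syntactically URLs.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw) === 1
        || filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    // A syntactically valid URL can still contain markup characters, so this
    // check narrows input but does not replace output encoding.
    return in_array($scheme, ['http', 'https'], true) ? $raw : null;
}

/** Render one stored referrer for an admin report, encoding at output time. */
function render_referrer_row(string $stored, int $hits): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    $text = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf('<tr><td>%s</td><td>%d</td></tr>', $text, $hits);
}

// Constructed sample values: one ordinary referrer, one carrying markup,
// one with a non-web scheme.
$samples = [
    'https://example.org/search?q=kb',
    'https://example.org/?q=<b>markup</b>',
    'javascript:void(0)',
];

foreach ($samples as $raw) {
    $stored = normalize_referer($raw);
    echo $stored === null
        ? "rejected: " . htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . PHP_EOL
        : render_referrer_row($stored, 1) . PHP_EOL;
}
```

Encoding at render time also neutralises referrer rows that were stored before any input validation was in place.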

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2020-10388

Affected Products: Phpkb Standard Multi-Language