CVE-2020-10413

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/import-html.php by adding a question mark (?) followed by the payload, enabling the injection of arbitrary web script or HTML.

Recommendations For Chadha PHPKB Standard Multi-Language version 9, consider restricting access to the admin/import-html.php endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the admin/import-html.php endpoint until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.