PT-2020-12087 · Chadha · Chadha Phpkb Standard Multi-Language
Published 2020-03-12 · Updated 2022-08-19 · CVE-2020-10417
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
admin/header.php mishandles URIs, which allows reflected XSS: arbitrary web script or HTML can be injected via admin/manage-articles.php by appending a question mark (?) followed by the payload to the URL.
Recommendations
For Chadha PHPKB Standard Multi-Language version 9, consider restricting access to the admin/manage-articles.php endpoint until a proper fix is applied, and ensure that user-controlled input (including the request URI) is validated and output-encoded for its HTML context to prevent XSS.
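Added illustration of the mitigation above; this is not PHPKB code, and it assumes (hypothetically) that the admin header reflects the current request URI into an HTML attribute. It shows the unsafe reflection beside two hardened variants.

```php
<?php
// Added example, not code from PHPKB. Hypothetical assumption: the admin
// header builds a self-referencing link from the request URI, query
// string included, which is the kind of reflection that enables this bug.

// Vulnerable pattern: the raw URI is concatenated straight into markup,
// so quotes and angle brackets in the query string break out of the attribute.
function header_link_unsafe(string $request_uri): string {
    return '<a href="' . $request_uri . '">Manage articles</a>';
}

// Hardened pattern: encode for the HTML attribute context. ENT_QUOTES covers
// both quote styles, ENT_SUBSTITUTE avoids dropping output on invalid UTF-8.
function header_link_safe(string $request_uri): string {
    $encoded = htmlspecialchars($request_uri, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<a href="' . $encoded . '">Manage articles</a>';
}

// Stricter alternative: discard the query string and rebuild the link from
// the script path only, so nothing attacker-controlled is reflected at all.
function header_link_path_only(string $request_uri): string {
    $path = parse_url($request_uri, PHP_URL_PATH) ?: '/';
    return '<a href="' . htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">Manage articles</a>';
}

// Constructed request URI: a harmless marker tag placed after the "?".
$uri = '/admin/manage-articles.php?"><b>injected</b>';

echo header_link_unsafe($uri), "\n";     // attribute terminated early, tag becomes live markup
echo header_link_safe($uri), "\n";       // tag rendered as literal text inside the attribute
echo header_link_path_only($uri), "\n";  // query string never reaches the page
```

Run with `php example.php` and compare the three lines; only the first contains an unescaped `<b>` element.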
XSS
Affected Products
Chadha Phpkb Standard Multi-Language