CVE-2020-10419

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/manage-categories.php by adding a question mark (?) followed by the payload, enabling the injection of arbitrary web script or HTML.

Recommendations For version 9, update the admin/header.php file to properly handle URIs and prevent Reflected XSS attacks. As a temporary workaround, consider validating and sanitizing user input in the admin/manage-categories.php file to minimize the risk of exploitation.