PT-2020-12099 · Chadha · Chadha Phpkb Standard Multi-Language
Published
2020-03-12
·
Updated
2022-08-19
·
CVE-2020-10429
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
admin/header.php reflects the request URI into the HTML it renders without encoding it for the output context. The header is reached through admin/manage-settings.php, so a request of the form admin/manage-settings.php?<payload>, with the payload placed after the question mark, is echoed back in the response and interpreted by the browser as HTML or script (Reflected XSS). The CVSS vector captures the preconditions: the victim must be an authenticated administrator (PR:H) who opens an attacker-supplied link (UI:R), and the impact lands in that administrator's browser rather than in the application component itself (S:C), with limited loss of confidentiality and integrity (C:L/I:L) such as theft of the admin session or actions performed with the admin's privileges.
Recommendations
For version 9, apply the vendor's fix for CVE-2020-10429 as soon as it is available for your release. Until then: stop reflecting the raw request URI from admin/header.php (the script name alone is sufficient for self-referencing links and form actions), and HTML-encode anything from the request that must be written into the page, using encoding appropriate to the context (for an attribute value, htmlspecialchars with ENT_QUOTES and an explicit charset). Restrict the admin/ directory to trusted networks or VPN so a crafted link cannot reach an administrator from the open Internet, mark the admin session cookie HttpOnly and SameSite so a reflected script cannot trivially read it, and consider a Content-Security-Policy header as defence in depth. Input validation on the query string alone is not a sufficient fix, because the payload is delivered in the URI rather than in a form field and the sink is the unencoded output.
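The following is an added illustration and not code from PHPKB or its vendor; the advisory does not show the actual sink in admin/header.php, so the vulnerable function below assumes the common shape of this bug (the request URI written into a form action so the page posts back to itself) and the function names, the regex and the sample request are all constructed for the example. It shows the reflected-URI sink beside a hardened version that drops the query string, allows only a plain admin script name, and HTML-encodes the value for an attribute context.

```php
<?php
// Assumed vulnerable pattern (not PHPKB's real code): the header writes the
// raw request URI into an attribute. REQUEST_URI is attacker-controlled, so
// a link such as admin/manage-settings.php?"><script>...</script> breaks out
// of the attribute and the script runs in the administrator's browser.
function render_header_vulnerable(array $server): string
{
    $uri = $server['REQUEST_URI'] ?? '';
    return '<form action="' . $uri . '" method="post">';
}

// Hardened pattern:
//  1. never reflect the query string; only the script path is needed to post
//     back to the same page;
//  2. allow just a bare admin script name, falling back to a known page;
//  3. HTML-encode for the attribute context with ENT_QUOTES so both ' and "
//     are neutralised, with an explicit charset.
function render_header_fixed(array $server): string
{
    $path = parse_url($server['REQUEST_URI'] ?? '', PHP_URL_PATH);
    if (!is_string($path) || !preg_match('~^/?(?:admin/)?[A-Za-z0-9_-]+\.php$~', $path)) {
        $path = 'manage-settings.php'; // assumed safe default for the example
    }
    $safe = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

// Constructed request, not a real capture: the payload follows the "?" as the
// advisory describes.
$payload = '"><script>alert(document.domain)</script>';
$server  = ['REQUEST_URI' => '/admin/manage-settings.php?' . $payload];

echo render_header_vulnerable($server), PHP_EOL;
echo render_header_fixed($server), PHP_EOL;
```

With the constructed request, the vulnerable function closes the action attribute at the first double quote and emits the script tag verbatim, which is exactly the reflection the advisory describes; the hardened function emits only `<form action="/admin/manage-settings.php" method="post">`. When checking a deployed PHPKB 9 instance, request the page as a logged-in administrator with a harmless marker after the question mark and inspect the raw response for the marker appearing unencoded inside the markup; a browser alert is not required to confirm the sink.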
Weakness Enumeration
Related Identifiers
Affected Products
Chadha Phpkb Standard Multi-Language