CVE-2020-10437

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by injecting arbitrary web script or HTML in admin/optimize-database.php through the addition of a question mark (?) followed by the payload.

Recommendations For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input to prevent malicious URI handling as a temporary workaround. Restrict access to the admin/optimize-database.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.