CVE-2020-10438

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/reply-ticket.php. This can be achieved by adding a question mark (?) followed by the payload.

Recommendations For Chadha PHPKB Standard Multi-Language version 9, consider disabling access to the admin/reply-ticket.php endpoint until a proper fix is applied to prevent the injection of arbitrary web scripts or HTML. Restrict the handling of URIs in admin/header.php to minimize the risk of exploitation. Avoid using the payload parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.