PT-2020-12113 · Chadha · Chadha Phpkb Standard Multi-Language
Published 2020-03-12 · Updated 2022-08-19 · CVE-2020-10443
CVSS v3.1: 4.8 (Medium)
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue stems from how the request URI is handled in admin/header.php, which allows reflected XSS in admin/report-article-printed.php. Exploitation only requires appending a question mark (?) followed by the payload to the URI.
Recommendations
For Chadha PHPKB Standard Multi-Language version 9, consider disabling the vulnerable URI handling in admin/header.php until a patch is available. Restrict access to the admin/report-article-printed.php endpoint to minimize the risk of exploitation. Do not reflect user-supplied parts of the URI into the page, so that arbitrary web script or HTML cannot be injected.
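The advisory does not show the code in admin/header.php, so the following is an added, constructed PHP 8 example (not PHPKB's own code) of the general pattern behind this bug class and its fix: a shared header that reflects the current request URI into markup. The function names, the raw-reflection "before" and the `self_url()` helper are assumptions for illustration.

```php
<?php
// Added example, not PHPKB code. A shared header often writes the current
// request URI into a link or form action. Everything after "?" is under the
// requester's control, so on a reflected-XSS page it must never reach the
// HTML unencoded.

// Assumed vulnerable pattern: the URI is reflected verbatim.
function header_link_unsafe(string $requestUri): string
{
    return '<a href="' . $requestUri . '">Print</a>';
}

// Hardened replacement: keep only the path component (dropping the query
// string entirely), reject anything outside a conservative character set,
// and HTML-encode the result for an attribute context.
function self_url(string $requestUri, string $fallback = '/'): string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)
        || !preg_match('#^/[A-Za-z0-9_./-]*$#', $path)
        || str_contains($path, '..')) {
        // Malformed or suspicious path: fall back to a known-safe location.
        $path = $fallback;
    }
    return htmlspecialchars($path, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function header_link_safe(string $requestUri): string
{
    return '<a href="' . self_url($requestUri) . '">Print</a>';
}

// Self-check with a constructed request URI that carries an attribute-breaking
// quote in its query string. The safe variant must drop it entirely.
$probe = '/admin/report-article-printed.php?id=7&note="x"';
$safe  = header_link_safe($probe);
if ($safe !== '<a href="/admin/report-article-printed.php">Print</a>') {
    throw new RuntimeException('unexpected output: ' . $safe);
}
if (!str_contains(header_link_unsafe($probe), '"x"')) {
    throw new RuntimeException('unsafe variant should have reflected the quote');
}
echo "safe header link: {$safe}\n";
```

The check at the end doubles as a regression test: once the header builds its links through `self_url()`, a request with `?` and arbitrary trailing data produces the same encoded output as a clean request.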
Affected Products
Chadha Phpkb Standard Multi-Language