CVE-2020-10444

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited by adding a question mark (?) followed by the payload in admin/report-article-rated.php, enabling the injection of arbitrary web script or HTML.

Recommendations For Chadha PHPKB Standard Multi-Language version 9, consider disabling access to the admin/report-article-rated.php endpoint until a proper fix is applied to prevent the injection of malicious scripts. Restrict the handling of URIs in admin/header.php to minimize the risk of Reflected XSS attacks. Avoid using user-supplied input in the URI handling mechanism to prevent exploitation.