CVE-2020-10450

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/report-traffic.php. This can be achieved by adding a question mark (?) followed by the payload.

Recommendations For Chadha PHPKB Standard Multi-Language version 9, consider validating and sanitizing user input in the admin/header.php file to prevent the injection of arbitrary web scripts or HTML. As a temporary workaround, restrict access to the admin/report-traffic.php page until a proper fix is applied.