PT-2020-12131 · Chadha · Chadha Phpkb Standard Multi-Language

Published: 2020-03-12 · Updated: 2022-10-06 · CVE-2020-10461

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9

Description: The issue concerns how article comments are handled in article.php, specifically through a vulnerable function in include/functions-article.php. Because comment input is not sanitized before it is stored and later rendered, an attacker can perform Stored (Blind) XSS by injecting arbitrary web script or HTML that is executed in admin/manage-comments.php via the GET parameter cmt. The payload fires in the browser of an administrator who views the comment-management page, which is why the vector is scored with user interaction required and a changed scope.

Recommendations: For Chadha PHPKB Standard Multi-Language version 9, as a temporary workaround, consider disabling the vulnerable function in include/functions-article.php until a patch is available. Restrict access to the admin/manage-comments.php page to minimize the risk of exploitation. Avoid using the cmt parameter in the affected API endpoint until the issue is resolved.

Weakness Enumeration: XSS (cross-site scripting)

Related Identifiers: CVE-2020-10461

Affected Products: Chadha PHPKB Standard Multi-Language