PT-2020-12147 · Chadha · Phpkb Standard Multi-Language
Nitokhantonio
·
Published
2020-03-12
·
Updated
2022-09-12
·
CVE-2020-10477
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue allows attackers to inject arbitrary web script or HTML via the
sort parameter in the admin/manage-news.php file. This can lead to reflected XSS attacks.Recommendations
For version 9, update the admin/manage-news.php file to properly sanitize the
sort parameter to prevent injection of arbitrary web script or HTML. As a temporary workaround, consider restricting access to the admin/manage-news.php file until a patch is available. Avoid using the sort parameter in the affected file until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpkb Standard Multi-Language