Lucene search

[email protected]CVE-2020-10475

HistoryMar 12, 2020 - 2:15 p.m.

CVE-2020-10475

2020-03-1214:15:19

CWE-79

[email protected]

web.nvd.nist.gov

cve

2020

10475

reflected xss

admin

manage-tickets.php

chadha

phpkb

nvd

security vulnerability

web script injection

html injection

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.2%

JSON

Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.

Affected configurations

NVD

Node

chadhaajayphpkbMatch9.0

CPENameOperatorVersion
chadhaajay:phpkbchadhaajay phpkbeq9.0

CPE	Name	Operator	Version
chadhaajay:phpkb	chadhaajay phpkb	eq	9.0

References

antoniocannito.it/?p=342#xss14

antoniocannito.it/phpkb2#reflected-cross-site-scripting-when-deleting-a-ticket-cve-2020-10475

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.2%

JSON

Related for CVE-2020-10475

prion1 nvd1 cvelist1