Cross site scripting

2020-03-1214:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

50.4%

JSON

The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.