185 matches found
CVE-2020-10472
Summary: CVE-2020-10472 is a reflected XSS vulnerability in Chadha PHPKB Standard Multi-Language 9, specifically in the admin/manage-templates.php page where the GET parameter “sort” can be tainted to inject arbitrary scripts. The affected component is the web application’s template management in...
CVE-2020-10471
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10471
CVE-2020-10471 affects Chadha PHPKB Standard Multi-Language 9. It exposes a reflected XSS flaw in admin/manage-articles.php via the GET parameter sort, allowing injection of arbitrary script/HTML. The issue is caused by improper handling/sanitization of the sort parameter. The provided connected ...
CVE-2020-10470
The CVE-2020-10470 issue affects Chadha PHPKB Standard Multi-Language version 9, where a Reflected XSS exists in admin/manage-fields.php through the GET parameter sort. Attackers can inject arbitrary web script or HTML. The primary affected component is the sort parameter in the admin/manage-fiel...
CVE-2020-10469
CVE-2020-10469 affects Chadha PHPKB Standard Multi-Language 9. Affected component: the GET parameter sort on the admin/manage-departments.php page. Root cause: reflected cross-site scripting (XSS) vulnerability that allows injecting arbitrary web script/HTML. Exploitation details are described in...
CVE-2020-10468
CVE-2020-10468 is a reflected XSS vulnerability in Chadha PHPKB Standard Multi-Language 9, exploitable via the GET parameter p in admin/edit-news.php. Reported across multiple sources (NVD, Red Hat, CNVD, CVE listings) with the same description: an attacker can inject arbitrary web script or HTML...
CVE-2020-10466
Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...
CVE-2020-10465
Chadha PHPKB Standard Multi-Language v9 is affected by a reflected XSS in admin/edit-category.php, exploitable via the GET parameter p to inject arbitrary script/HTML. Root cause is improper handling of user input in the p parameter. Impact is XSS in web contexts, potentially affecting admin-faci...
CVE-2020-10464
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...
CVE-2020-10462
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...
CVE-2020-10461
The way comments in article.php vulnerable function in include/functions-article.php are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/manage-comments.php, via the GET parameter cmt...
CVE-2020-10457
Path Traversal in Chadha PHPKB Standard Multi-Language 9 (admin/imagepaster/image-renaming.php) allows attackers to rename any file on the webserver via POST imgName and imgUrl using ../../../’ style sequences. Affected component: image-renaming functionality; root cause: improper validation of p...
CVE-2020-10456
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/trash-box.php by adding a question mark ? followed by the payload...
CVE-2020-10452
CVE-2020-10452 concerns Chadha PHPKB Standard Multi-Language 9. Reflected XSS via URIs processed in admin/header.php, enabling injection of script/HTML when an attacker crafts a URI that is passed to admin/add-article.php/save-article.php (and related admin pages as per connected Red Hat advisori...
CVE-2020-10446
CVE-2020-10446: Reflected XSS when handling URIs in Chadha PHPKB Standard Multi-Language 9. The description from Red Hat flags a reflected XSS in admin/header.php that can affect admin/report-category.php by appending a ? payload to the URI. No product version, exploit code, or explicit remediati...
CVE-2020-10445
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-article.php by adding a question mark ? followed by the payload...
CVE-2020-10440
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-article-mailed.php by adding a question mark ? followed by the payload...
CVE-2020-10440
The connected Red Hat advisories confirm CVE-2020-10440 affects Chadha PHPKB Standard Multi-Language 9, where URIs are mishandled in admin/header.php, enabling Reflected XSS in admin/report-article-mailed.php via a crafted query (?payload). This is a reflected XSS through URI handling, allowing a...
CVE-2020-10438
CVE-2020-10438 affects Chadha PHPKB Standard Multi-Language 9: the URI handling in admin/header.php enables Reflected XSS in admin/reply-ticket.php when a payload is injected after a '?'. The Red Hat CVEs confirm similar patterns for related endpoints (e.g., admin/add-article.php), but the provid...
CVE-2020-10436
CVE-2020-10436 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability is a Reflected XSS in the URI handling of admin/header.php, enabling injection of arbitrary scripts/HTML in admin/my-profile.php when a crafted URI containing a leading question mark and payload is used. The Red Hat ...