6 matches found

NVD
added 2020/03/12 2:15 p.m. | 15 views

CVE-2020-10407

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-news.php by adding a question mark ? followed by the payload...

CVSS 4.8 | AI score 5 | EPSS 0.00321
Exploits: 1 | References: 2

Prion
added 2020/03/12 2:15 p.m. | 9 views

Cross-site request forgery (CSRF)

CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request...

CVSS 4.3 | AI score 4.6 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/03/12 1:6 p.m. | 35 views

CVE-2020-10494

CVE-2020-10494 is a CSRF vulnerability in Chadha PHPKB Standard Multi-Language 9 affecting the admin/edit-news.php endpoint. Affected component is the news-editing function; root cause is CSRF weakness allowing an attacker to edit a news article when a user with appropriate session interacts with...

CVSS 4.3 | AI score 4.5 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/03/12 1:5 p.m. | 42 views

CVE-2020-10468

CVE-2020-10468 is a reflected XSS vulnerability in Chadha PHPKB Standard Multi-Language 9, exploitable via the GET parameter p in admin/edit-news.php. Reported across multiple sources (NVD, Red Hat, CNVD, CVE listings) with the same description: an attacker can inject arbitrary web script or HTML...

CVSS 4.8 | AI score 4.8 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2020/03/12 1:4 p.m. | 13 views

CVE-2020-10407

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-news.php by adding a question mark ? followed by the payload...

AI score 5 | EPSS 0.00321
Exploits: 1 | References: 2

CVE
added 2020/03/12 1:4 p.m. | 39 views

CVE-2020-10407

The issue is a reflected XSS in Chadha PHPKB Standard Multi-Language 9 caused by how URIs are parsed in admin/header.php. The CVE description notes it can be triggered in admin/edit-news.php by appending a payload after a question mark. Red Hat entries corroborate the URI-based XSS pattern affect...

CVSS 4.8 | AI score 4.9 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1