Typecho 跨站脚本漏洞

typecho is a PHP blogging platform for typecho individual developers. It is simple and powerful. A security vulnerability exists in Typecho version v.1.2.0. An attacker can exploit this vulnerability to execute arbitrary code via the Comment Manager /admin/manage-comments.php component...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18328)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A stored cross-site scripting vulnerability exists in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9. An attack...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17359)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language version 9...

Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18339)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9. The...

CVE-2020-10503

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request...

CVE-2020-10502

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request...

CVE-2020-10503

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request...

CVE-2020-10502

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request...

CVE-2020-10486

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request...

CVE-2020-10420

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-comments.php by adding a question mark ? followed by the payload...

Cross site request forgery (csrf)

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request...

CVE-2020-10420

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-comments.php by adding a question mark ? followed by the payload...

PT-2020-12131 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns how comments are handled in article.php, specifically through a vulnerable function in include/functions-article.php. This allows attackers to execute Stored Blind...