CVE-2022-2921

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update...

Chadha PHPKB cross-site scripting vulnerability (CNVD-2020-17362)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/manage-languages.php in Chadha PHPKB Standard Multi-Language version ...

CVE-2020-10427

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-languages.php by adding a question mark ? followed by the payload...

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-languages.php by adding a question mark ? followed by the payload...

PT-2020-12097 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/manage-languages.php. This can be achieved by adding a question mark ? followed b...