7 matches found

NVD
added 2020/03/12 2:15 p.m. | 11 views

CVE-2020-10474

Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...

CVSS 4.8 | AI score 4.9 | EPSS 0.00321
Exploits: 1 | References: 2

NVD
added 2020/03/12 2:15 p.m. | 10 views

CVE-2020-10420

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-comments.php by adding a question mark ? followed by the payload...

CVSS 4.8 | AI score 5 | EPSS 0.00321
Exploits: 1 | References: 2

Prion
added 2020/03/12 2:15 p.m. | 15 views

Cross site request forgery (csrf)

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request...

CVSS 4.3 | AI score 4.6 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2020/03/12 2:15 p.m. | 9 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-comments.php by adding a question mark ? followed by the payload...

CVSS 3.5 | AI score 4.9 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/03/12 1:6 p.m. | 35 views

CVE-2020-10503

The CVE-2020-10503 issue affects Chadha PHPKB Standard Multi-Language version 9, where a CSRF flaw in admin/manage-comments.php lets an attacker disapprove any comment by supplying an id in a crafted request. The vulnerability stems from insufficient request validation/verification of authorized ...

CVSS 4.3 | AI score 4.5 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/03/12 1:6 p.m. | 39 views

CVE-2020-10502

The CVE-2020-10502 issue affects Chadha PHPKB Standard Multi-Language 9. The vulnerable component is admin/manage-comments.php where CSRF allows an attacker to approve any comment by crafting a request with the comment id. Root cause is CSRF protection missing for the approval action, enabling un...

CVSS 4.3 | AI score 4.5 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/03/12 1:5 p.m. | 37 views

CVE-2020-10486

The CVE-2020-10486 issue affects Chadha PHPKB Standard Multi-Language version 9, where a CSRF flaw in admin/manage-comments.php can let an attacker delete a comment via a crafted request. Root cause is CSRF vulnerability due to insufficient request forgery protections, enabling unauthorized actio...

CVSS 4.3 | AI score 4.5 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1