6 matches found
CVE-2020-10421
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-departments.php by adding a question mark ? followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-departments.php by adding a question mark ? followed by the payload...
CVE-2020-10491
The issue is a CSRF vulnerability in Chadha PHPKB Standard Multi-Language version 9, specifically affecting the endpoint admin/manage-departments.php. A crafted request can cause an attacker to add a department without proper authorization. The root cause is a CSRF weakness that allows unauthoriz...
CVE-2020-10490
CVE-2020-10490 describes a CSRF vulnerability in Chadha PHPKB Standard Multi-Language 9, where requests to admin/manage-departments.php can delete a department. Root cause: insufficient CSRF protection on the department-management endpoint. Affected product/version: Chadha PHPKB Standard Multi-La...
CVE-2020-10469
CVE-2020-10469 affects Chadha PHPKB Standard Multi-Language 9. Affected component: the GET parameter sort on the admin/manage-departments.php page. Root cause: reflected cross-site scripting (XSS) vulnerability that allows injecting arbitrary web script/HTML. Exploitation details are described in...
CVE-2020-10421
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-departments.php by adding a question mark ? followed by the payload...