Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-news.php by adding a question mark ? followed by the payload...

CVE-2020-10488

CVE-2020-10488 describes a cross-site request forgery (CSRF) in Chadha PHPKB Standard Multi-Language 9. The vulnerability exists in the admin/manage-news.php endpoint, where a crafted request can cause deletion of a news article. Root cause: CSRF due to insufficient request validation/CSRF protec...

CVE-2020-10477

CVE-2020-10477 is a reflected Cross-Site Scripting vulnerability affecting Chadha PHPKB Standard Multi-Language 9. The issue occurs in admin/manage-news.php through the GET parameter sort , allowing injection of arbitrary web script or HTML. Root cause: insufficient sanitization of the sort param...

CVE-2020-10428

CVE-2020-10428 affects Chadha PHPKB Standard Multi-Language 9. The issue is a Reflected XSS in URI handling via admin/header.php, enabling injection of arbitrary script/HTML on several admin pages when a payload is added after a question mark in the URI (e.g., admin/manage-news.php and related pa...

CVE-2020-10428

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-news.php by adding a question mark ? followed by the payload...