4 matches found
CVE-2020-10429
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload...
CVE-2020-10478
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request...
CVE-2020-10478
The CVE refers to Chadha PHPKB Standard Multi-Language 9, where CSRF in admin/manage-settings.php allows changing global settings. The root cause is insufficient validation/origin verification of requests, enabling an attacker to alter settings and potentially trigger code execution or a denial o...