CVE-2020-10465
Chadha PHPKB Standard Multi-Language v9 is affected by a reflected XSS in admin/edit-category.php, exploitable via the GET parameter p to inject arbitrary script/HTML. Root cause is improper handling of user input in the p parameter. Impact is XSS in web contexts, potentially affecting admin-faci...
CVE-2020-10464
CVE-2020-10464 concerns Chadha PHPKB Standard Multi-Language 9, with a reflected XSS in admin/edit-article.php via the GET parameter p. The vulnerability allows an attacker to inject arbitrary web script or HTML when a user visits a crafted URL, affecting the affected PHPKB component and involvin...
CVE-2020-10464
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...
CVE-2020-10463
Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...
CVE-2020-10463
CVE-2020-10463 affects Chadha PHPKB Standard Multi-Language v9. It is a reflected XSS in admin/edit-template.php via the GET parameter p, due to insufficient input sanitization. Impact described as ability to inject arbitrary web script/HTML; exploitation details or in-the-wild status not provide...
CVE-2020-10462
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p...
CVE-2020-10462
CVE-2020-10462 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability is a reflected XSS in admin/edit-field.php when processing the GET parameter p, allowing injection of arbitrary web script or HTML. Exploitation details are consistently described across multiple sources, identifying...
CVE-2020-10461
CVE-2020-10461 affects Chadha PHPKB Standard Multi-Language 9. The vulnerable path is article.php -> include/functions-article.php, allowing Stored (Blind) XSS in admin/manage-comments.php via the GET parameter cmt. Exploitation is documented as injecting arbitrary web script/HTML. A practical...
CVE-2020-10461
The way comments in article.php vulnerable function in include/functions-article.php are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/manage-comments.php, via the GET parameter cmt...
CVE-2020-10460
admin/include/operations.php via admin/email-harvester.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data...
CVE-2020-10460
CVE-2020-10460 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability exists in admin/include/operations.php (via admin/email-harvester.php), allowing injection of untrusted input into CSV files through the POST parameter data. This is described consistently across multiple sources (NV...
CVE-2020-10459
Path Traversal in admin/assetmanager/assetmanager.php vulnerable function saved in admin/assetmanager/functions.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence ../ via the POST parameter inpCurrFolder...
CVE-2020-10458
The Red Hat and CNVD entries, plus the primary CVE listing, confirm a path-traversal flaw in Chadha PHPKB Standard Multi-Language 9. Affected component: admin/imagepaster/operations.php. Root cause: using a dot-dot-slash sequence (../) via the crdir parameter when action=df, enabling deletion of ...
CVE-2020-10458
Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence ../ via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service...
CVE-2020-10457
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence ../ via the POST parameter imgName for the new name and imgUrl for the current file to be renamed...
CVE-2020-10457
Path Traversal in Chadha PHPKB Standard Multi-Language 9 (admin/imagepaster/image-renaming.php) allows attackers to rename any file on the webserver via POST imgName and imgUrl using ../../../ style sequences. Affected component: image-renaming functionality; root cause: improper validation of p...
CVE-2020-10456
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/trash-box.php by adding a question mark ? followed by the payload...
CVE-2020-10455
CVE-2020-10455 (and related Red Hat CVEs) affects Chadha PHPKB Standard Multi-Language 9. URIs processed in admin/header.php can lead to Reflected XSS in various admin pages (e.g., admin/translate.php, admin/add-article.php, admin/trash-box.php) by appending a payload after a question mark. Explo...
CVE-2020-10455
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/translate.php by adding a question mark ? followed by the payload...
CVE-2020-10454
The affected product is Chadha PHPKB Standard Multi-Language 9. The issue is a Reflected XSS vulnerability in admin/header.php caused by improper handling of URIs, enabling injection via a leading question mark and payload in admin/sitemap-generator.php. Red Hat CVEs RH:CVE-2020-10454 and RH:CVE-...