855 matches found
CVE-2020-10395
The CVE-2020-10395 issue affects Chadha PHPKB Standard Multi-Language 9 and is described as a Reflected Cross-Site Scripting (XSS) vulnerability. The Red Hat entries specify that URIs handled in admin/header.php can trigger XSS in various admin pages (e.g., admin/add-group.php, admin/add-article....
CVE-2020-10394
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-glossary.php by adding a question mark ? followed by the payload...
CVE-2020-10394
Summary (CVE-2020-10394): The issue affects Chadha PHPKB Standard Multi-Language 9, where URIs are processed in admin/header.php, enabling a Reflected XSS in admin/add-glossary.php when a payload is injected after a question mark. The root cause is likely unsafe handling of query strings in the U...
CVE-2020-10393
CVE-2020-10393 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability is a Reflected XSS caused by how URIs are processed in admin/header.php, exploitable via adding a ? payload to admin/add-field.php. No remediation details are provided in the connected documents.
CVE-2020-10391
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-article.php by adding a question mark ? followed by the payload...
CVE-2020-10391
CVE-2020-10391 describes a reflected XSS in Chadha PHPKB Standard Multi-Language 9. The issue arises from how URIs are handled in admin/header.php, enabling an attacker to inject script/HTML into admin/add-article.php by appending a payload after a question mark. The connected Red Hat CVE entries...
CVE-2020-10390
CVE-2020-10390 affects Chadha PHPKB Standard Multi-Language 9. The OS command injection exists in export.php (called from include/functions-article.php) allowing remote code execution by saving malicious code into the wkhtmltopdf path via admin/save-settings.php. This is documented across multipl...
CVE-2020-10389
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings...
CVE-2020-10389
CVE-2020-10389 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability exists in admin/save-settings.php and allows an attacker to achieve remote code execution by injecting PHP code into any POST parameter during saving of global settings. Public references in connected documents show ...
CVE-2020-10388
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored Blind XSS injecting arbitrary web script or HTML in admin/report-referrers.php vulnerable file admin/include/functions-articles.php...
CVE-2020-10387
CVE-2020-10387 describes a path traversal vulnerability in Chadha PHPKB Standard Multi-Language 9, exposed via the admin/download.php endpoint. The flaw allows traversal of the server file system through the GET parameter “file” (using dot-dot-slash sequences), enabling arbitrary file download. P...
CVE-2020-10386
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory...
CVE-2020-10386
CVE-2020-10386 affects Chadha PHPKB Standard Multi-Language 9. A remote code execution is possible by uploading a PHP file via admin/imagepaster/image-upload.php to the admin/js/ directory. The root cause is unrestricted PHP file upload in that path, allowing an attacker to execute arbitrary code...
PT-2020-12089 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/manage-categories.php by adding a question mark ?...
PT-2020-12123 · Chadha · Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/search-users.php. This can be achieved by adding a question mark ? followed by th...
PT-2020-12118 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/report-referrers.php. This can be achieved by adding a question mark ? followed b...
PT-2020-12121 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/report-user.php by adding a question mark ? follow...
PT-2020-12108 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/reply-ticket.php. This can be achieved by adding a question mark ? followed by th...
PT-2020-12097 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS in admin/manage-languages.php. This can be achieved by adding a question mark ? followed b...
PT-2020-12086 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9
Description: The issue concerns the handling of URIs in admin/header.php, which allows for Reflected XSS attacks. This can be exploited in admin/kb-backup.php by adding a question mark ? followed...