CVE-2020-10461: XSS
First published: Thu Mar 12 2020(Updated: )
The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Chadhaajay Phpkb | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-10461.
What is the severity level of CVE-2020-10461?
The severity level of CVE-2020-10461 is medium.
How does the vulnerability CVE-2020-10461 work?
The vulnerability CVE-2020-10461 allows attackers to execute Stored (Blind) XSS by injecting arbitrary web script or HTML in admin/manage-comments.php through the GET parameter cmt.
What software is affected by CVE-2020-10461?
The Chadha PHPKB Standard Multi-Language 9 software version 9.0 is affected by CVE-2020-10461.
Are there any references or resources for CVE-2020-10461?
Yes, you can find more information about CVE-2020-10461 at the following links: http://antoniocannito.it/?p=137#bxss2 and https://antoniocannito.it/phpkb1#blind-cross-site-scripting-2-cve-2020-10461.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/chadhaajay
- canonical/chadhaajay phpkb
- version/chadhaajay phpkb/9.0