Medium
CVE-2020-26135
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO.
Tag: Reflected XSS
All CVEs associated with "Reflected XSS". Page 20/23 • 2754 CVEs.
Subscribe CVEs: RSS for “Reflected XSS” · RSS (High+Critical only)
About “Reflected XSS”
A curated feed of “Reflected XSS”-related CVEs appears below. We currently track 2754 CVEs for this tag (all time). In the last 365 days, 598 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2020-10-02
Medium
CVE-2020-13168
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
2020-10-01
Medium
CVE-2020-14223
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.
2020-09-24
High
CVE-2020-12282
iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)
2020-09-22
Medium
CVE-2020-14024
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field i…
2020-09-14
Medium
CVE-2020-22158
MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters a…
2020-09-02
Medium
CVE-2020-24604
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searc…
2020-08-31
Medium
CVE-2020-25033
The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS.
2020-08-27
Medium
CVE-2020-24706
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity…
Medium
CVE-2020-24704
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.…
2020-08-26
Medium
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attack…
Medium
CVE-2020-24314
Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerabilit…
Medium
CVE-2020-24313
Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an in…
2020-08-24
Medium
CVE-2020-19881
DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can e…
2020-08-21
Medium
CVE-2020-12759
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
2020-08-12
Medium
CVE-2020-17362
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
2020-08-08
Medium
CVE-2020-15831
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
2020-08-05
Medium
CVE-2020-16192
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
Medium
CVE-2020-13819
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
2020-08-04
Medium
CVE-2020-16847
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
2020-08-03
Medium
CVE-2020-13820
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.
2020-07-20
Medium
CVE-2020-15053
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects.
2020-07-02
Medium
CVE-2020-15083
In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6
2020-07-01
Medium
CVE-2020-15500
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflect…
2020-06-28
Medium
CVE-2020-15364
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.
2020-06-24
Medium
CVE-2020-14014
An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to re…
2020-06-17
Medium
CVE-2020-14408
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content,…
2020-06-10
Medium
CVE-2020-14010
The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter.
2020-06-07
Medium
CVE-2020-13897
HESK before 3.1.10 allows reflected XSS.
2020-06-04
Medium
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must…
2020-06-03
Medium
CVE-2020-5298
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be soci…
2020-06-02
Medium
CVE-2020-13228
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
2020-05-21
Medium
CVE-2019-20803
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Medium
CVE-2020-13258
Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.
2020-05-18
Medium
CVE-2019-19456
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.…
Medium
CVE-2020-12256
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to…
Medium
CVE-2020-9524
Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to…
Medium
CVE-2020-12259
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET par…
2020-04-30
Medium
CVE-2020-5889
On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTT…
2020-04-28
Medium
CVE-2018-21209
Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220…
2020-04-24
Medium
CVE-2017-18701
Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34.
Medium
CVE-2017-18715
Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 befo…
2020-04-23
Medium
CVE-2020-12054
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist…
2020-04-21
Medium
CVE-2017-18800
Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42.
2020-04-20
Medium
CVE-2020-5286
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5
Medium
CVE-2020-5285
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5
Medium
CVE-2020-5278
In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5
Medium
CVE-2020-5276
In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5
Medium
CVE-2020-5272
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5
Medium
CVE-2020-5271
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
Medium
CVE-2020-5269
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5
Medium
CVE-2020-5265
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
Medium
CVE-2020-5264
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.
Medium
CVE-2017-18835
Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8…
Medium
CVE-2017-18834
Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8…
Medium
CVE-2017-18833
Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8…
Medium
CVE-2020-11930
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
2020-04-16
Medium
CVE-2020-5294
PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
Medium
CVE-2019-20756
Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 befo…
Medium
CVE-2019-20746
Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0…
2020-04-15
Medium
CVE-2020-11791
NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.
Medium
CVE-2019-19390
The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.
2020-04-12
Medium
CVE-2020-11704
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. Get…
Medium
CVE-2020-11702
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collab…
2020-04-09
Medium
CVE-2020-11556
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.
2020-04-08
Medium
CVE-2020-10633
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password…
2020-04-01
Medium
CVE-2020-1949
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attack…
2020-03-30
Medium
CVE-2019-9509
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before disp…
2020-03-25
Medium
CVE-2020-5277
PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. The problem is fixed in 3.5.0
Medium
CVE-2020-2169
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
2020-03-24
High
CVE-2020-8985
ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality.
2020-03-20
Medium
CVE-2020-9344
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
2020-03-19
Medium
CVE-2020-10670
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page. NOTE: this is fixed in the l…
Medium
CVE-2020-10668
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
Medium
CVE-2019-20521
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI.
Medium
CVE-2019-20520
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/method/ URI.
Medium
CVE-2019-20519
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address.
Medium
CVE-2019-20518
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ URI.
Medium
CVE-2019-20517
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI.
Medium
CVE-2019-20516
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI.
Medium
CVE-2019-20515
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI.
Medium
CVE-2019-20514
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.
Medium
CVE-2019-20513
Open edX Ironwood.1 allows support/certificates?user= reflected XSS.
2020-03-18
Medium
CVE-2019-20512
Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS.
Medium
CVE-2019-14884
A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages.
2020-03-13
Medium
CVE-2019-13200
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacki…
2020-03-12
Medium
CVE-2020-10477
Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
Medium
CVE-2020-10476
Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
Medium
CVE-2020-10475
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
Medium
CVE-2020-10474
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
Medium
CVE-2020-10473
Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
Medium
CVE-2020-10472
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
Medium
CVE-2020-10471
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
Medium
CVE-2020-10470
Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
Medium
CVE-2020-10469
Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort.
Medium
CVE-2020-10468
Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
Medium
CVE-2020-10467
Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
Medium
CVE-2020-10466
Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
Medium
CVE-2020-10465
Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
Medium
CVE-2020-10464
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
Medium
CVE-2020-10463
Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
Medium
CVE-2020-10462
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p.
Medium
CVE-2020-10456
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (…
Medium
CVE-2020-10455
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (…
Medium
CVE-2020-10454
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a questio…
Medium
CVE-2020-10453
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mar…
Medium
CVE-2020-10452
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mar…
Medium
CVE-2020-10451
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark…
Medium
CVE-2020-10450
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question m…
Medium
CVE-2020-10449
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question ma…
Medium
CVE-2020-10448
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question…
Medium
CVE-2020-10447
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a quest…
Medium
CVE-2020-10446
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question…
Medium
CVE-2020-10445
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question m…
Medium
CVE-2020-10444
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a ques…
Medium
CVE-2020-10443
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a qu…
Medium
CVE-2020-10442
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a qu…
Medium
CVE-2020-10441
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a qu…
Medium
CVE-2020-10440
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a que…
Medium
CVE-2020-10439
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a…