### [CVE-2020-10391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10391)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.

### POC

#### Reference
- https://antoniocannito.it/phpkb1#reflected-cross-site-scripting-in-every-admin-page-cve-block-going-from-cve-2020-10391-to-cve-2020-10456

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-10391
- https://github.com/Live-Hack-CVE/CVE-2020-10392
- https://github.com/Live-Hack-CVE/CVE-2020-10393
- https://github.com/Live-Hack-CVE/CVE-2020-10394
- https://github.com/Live-Hack-CVE/CVE-2020-10395
- https://github.com/Live-Hack-CVE/CVE-2020-10396
- https://github.com/Live-Hack-CVE/CVE-2020-10397
- https://github.com/Live-Hack-CVE/CVE-2020-10398
- https://github.com/Live-Hack-CVE/CVE-2020-10399
- https://github.com/Live-Hack-CVE/CVE-2020-10400
- https://github.com/Live-Hack-CVE/CVE-2020-10401
- https://github.com/Live-Hack-CVE/CVE-2020-10402
- https://github.com/Live-Hack-CVE/CVE-2020-10403
- https://github.com/Live-Hack-CVE/CVE-2020-10404
- https://github.com/Live-Hack-CVE/CVE-2020-10405
- https://github.com/Live-Hack-CVE/CVE-2020-10406
- https://github.com/Live-Hack-CVE/CVE-2020-10407
- https://github.com/Live-Hack-CVE/CVE-2020-10408
- https://github.com/Live-Hack-CVE/CVE-2020-10409
- https://github.com/Live-Hack-CVE/CVE-2020-10410
- https://github.com/Live-Hack-CVE/CVE-2020-10411
- https://github.com/Live-Hack-CVE/CVE-2020-10412
- https://github.com/Live-Hack-CVE/CVE-2020-10413
- https://github.com/Live-Hack-CVE/CVE-2020-10414
- https://github.com/Live-Hack-CVE/CVE-2020-10415
- https://github.com/Live-Hack-CVE/CVE-2020-10416
- https://github.com/Live-Hack-CVE/CVE-2020-10417
- https://github.com/Live-Hack-CVE/CVE-2020-10418
- https://github.com/Live-Hack-CVE/CVE-2020-10419
- https://github.com/Live-Hack-CVE/CVE-2020-10420
- https://github.com/Live-Hack-CVE/CVE-2020-10421
- https://github.com/Live-Hack-CVE/CVE-2020-10422
- https://github.com/Live-Hack-CVE/CVE-2020-10423
- https://github.com/Live-Hack-CVE/CVE-2020-10424
- https://github.com/Live-Hack-CVE/CVE-2020-10425
- https://github.com/Live-Hack-CVE/CVE-2020-10426
- https://github.com/Live-Hack-CVE/CVE-2020-10427
- https://github.com/Live-Hack-CVE/CVE-2020-10428
- https://github.com/Live-Hack-CVE/CVE-2020-10429
- https://github.com/Live-Hack-CVE/CVE-2020-10430
- https://github.com/Live-Hack-CVE/CVE-2020-10431
- https://github.com/Live-Hack-CVE/CVE-2020-10432
- https://github.com/Live-Hack-CVE/CVE-2020-10433
- https://github.com/Live-Hack-CVE/CVE-2020-10434
- https://github.com/Live-Hack-CVE/CVE-2020-10435
- https://github.com/Live-Hack-CVE/CVE-2020-10436
- https://github.com/Live-Hack-CVE/CVE-2020-10437
- https://github.com/Live-Hack-CVE/CVE-2020-10438
- https://github.com/Live-Hack-CVE/CVE-2020-10439
- https://github.com/Live-Hack-CVE/CVE-2020-10440
- https://github.com/Live-Hack-CVE/CVE-2020-10441
- https://github.com/Live-Hack-CVE/CVE-2020-10442
- https://github.com/Live-Hack-CVE/CVE-2020-10444
- https://github.com/Live-Hack-CVE/CVE-2020-10445
- https://github.com/Live-Hack-CVE/CVE-2020-10446
- https://github.com/Live-Hack-CVE/CVE-2020-10447
- https://github.com/Live-Hack-CVE/CVE-2020-10448
- https://github.com/Live-Hack-CVE/CVE-2020-10449
- https://github.com/Live-Hack-CVE/CVE-2020-10450
- https://github.com/Live-Hack-CVE/CVE-2020-10451
- https://github.com/Live-Hack-CVE/CVE-2020-10452
- https://github.com/Live-Hack-CVE/CVE-2020-10453
- https://github.com/Live-Hack-CVE/CVE-2020-10454
- https://github.com/Live-Hack-CVE/CVE-2020-10455
- https://github.com/Live-Hack-CVE/CVE-2020-10456