mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
4.0 KiB
4.0 KiB
CVE-2020-10391
Description
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload.
POC
Reference
- https://antoniocannito.it/phpkb1#reflected-cross-site-scripting-in-every-admin-page-cve-block-going-from-cve-2020-10391-to-cve-2020-10456
- https://antoniocannito.it/phpkb1#reflected-cross-site-scripting-in-every-admin-page-cve-block-going-from-cve-2020-10391-to-cve-2020-10456
Github
- https://github.com/Live-Hack-CVE/CVE-2020-10391
- https://github.com/Live-Hack-CVE/CVE-2020-10392
- https://github.com/Live-Hack-CVE/CVE-2020-10393
- https://github.com/Live-Hack-CVE/CVE-2020-10394
- https://github.com/Live-Hack-CVE/CVE-2020-10395
- https://github.com/Live-Hack-CVE/CVE-2020-10396
- https://github.com/Live-Hack-CVE/CVE-2020-10397
- https://github.com/Live-Hack-CVE/CVE-2020-10398
- https://github.com/Live-Hack-CVE/CVE-2020-10399
- https://github.com/Live-Hack-CVE/CVE-2020-10400
- https://github.com/Live-Hack-CVE/CVE-2020-10401
- https://github.com/Live-Hack-CVE/CVE-2020-10402
- https://github.com/Live-Hack-CVE/CVE-2020-10403
- https://github.com/Live-Hack-CVE/CVE-2020-10404
- https://github.com/Live-Hack-CVE/CVE-2020-10405
- https://github.com/Live-Hack-CVE/CVE-2020-10406
- https://github.com/Live-Hack-CVE/CVE-2020-10407
- https://github.com/Live-Hack-CVE/CVE-2020-10408
- https://github.com/Live-Hack-CVE/CVE-2020-10409
- https://github.com/Live-Hack-CVE/CVE-2020-10410
- https://github.com/Live-Hack-CVE/CVE-2020-10411
- https://github.com/Live-Hack-CVE/CVE-2020-10412
- https://github.com/Live-Hack-CVE/CVE-2020-10413
- https://github.com/Live-Hack-CVE/CVE-2020-10414
- https://github.com/Live-Hack-CVE/CVE-2020-10415
- https://github.com/Live-Hack-CVE/CVE-2020-10416
- https://github.com/Live-Hack-CVE/CVE-2020-10417
- https://github.com/Live-Hack-CVE/CVE-2020-10418
- https://github.com/Live-Hack-CVE/CVE-2020-10419
- https://github.com/Live-Hack-CVE/CVE-2020-10420
- https://github.com/Live-Hack-CVE/CVE-2020-10421
- https://github.com/Live-Hack-CVE/CVE-2020-10422
- https://github.com/Live-Hack-CVE/CVE-2020-10423
- https://github.com/Live-Hack-CVE/CVE-2020-10424
- https://github.com/Live-Hack-CVE/CVE-2020-10425
- https://github.com/Live-Hack-CVE/CVE-2020-10426
- https://github.com/Live-Hack-CVE/CVE-2020-10427
- https://github.com/Live-Hack-CVE/CVE-2020-10428
- https://github.com/Live-Hack-CVE/CVE-2020-10429
- https://github.com/Live-Hack-CVE/CVE-2020-10430
- https://github.com/Live-Hack-CVE/CVE-2020-10431
- https://github.com/Live-Hack-CVE/CVE-2020-10432
- https://github.com/Live-Hack-CVE/CVE-2020-10433
- https://github.com/Live-Hack-CVE/CVE-2020-10434
- https://github.com/Live-Hack-CVE/CVE-2020-10435
- https://github.com/Live-Hack-CVE/CVE-2020-10436
- https://github.com/Live-Hack-CVE/CVE-2020-10437
- https://github.com/Live-Hack-CVE/CVE-2020-10438
- https://github.com/Live-Hack-CVE/CVE-2020-10439
- https://github.com/Live-Hack-CVE/CVE-2020-10440
- https://github.com/Live-Hack-CVE/CVE-2020-10441
- https://github.com/Live-Hack-CVE/CVE-2020-10442
- https://github.com/Live-Hack-CVE/CVE-2020-10444
- https://github.com/Live-Hack-CVE/CVE-2020-10445
- https://github.com/Live-Hack-CVE/CVE-2020-10446
- https://github.com/Live-Hack-CVE/CVE-2020-10447
- https://github.com/Live-Hack-CVE/CVE-2020-10448
- https://github.com/Live-Hack-CVE/CVE-2020-10449
- https://github.com/Live-Hack-CVE/CVE-2020-10450
- https://github.com/Live-Hack-CVE/CVE-2020-10451
- https://github.com/Live-Hack-CVE/CVE-2020-10452
- https://github.com/Live-Hack-CVE/CVE-2020-10453
- https://github.com/Live-Hack-CVE/CVE-2020-10454
- https://github.com/Live-Hack-CVE/CVE-2020-10455
- https://github.com/Live-Hack-CVE/CVE-2020-10456