Vulnerabilities > Chadhaajay > Phpkb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-10388 | Cross-site Scripting vulnerability in Chadhaajay PHPkb 9.0 The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php). | 5.4 |
| 2020-03-12 | CVE-2020-10387 | Path Traversal vulnerability in Chadhaajay PHPkb 9.0 Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file. | 4.9 |