The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows malicious users to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
chadhaajay phpkb 9.0 |