CVE-2020-10421
Published 2020-03-12
CVE-2020-10421: The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in…
Priority P4 · 17 · medium · 4.8 · CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.61% (44.7th percentile)
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chadhaajay | phpkb | — | — |
CVSS provenance
nvd · v3.1 · 4.8 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 3.5 · LOW · AV:N/AC:M/Au:S/C:N/I:P/A:N
vendor_redhat · 5.5 · MEDIUM
GHSA
GHSA-f7x5-chjj-xjx8: The way URIs are handled in admin/header
ghsa_unreviewed·2022-05-24
CVE-2020-10421 [LOW] CWE-79 GHSA-f7x5-chjj-xjx8: The way URIs are handled in admin/header
Red Hat
kernel: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
vendor_redhat·2024-11-09·CVSS 5.5
CVE-2024-50212 [MEDIUM] CWE-667 kernel: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
In the Linux kernel, the following vulnerability has been resolved:
lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
Ben Greear reports following splat:
------------[ cut here ]------------
net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload
WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0
Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat
...
Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020
RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0
codetag_unload_module+0x19b/0x2a0
? codetag_load_module+0x80/0x80
nf_nat module exit calls kfree_rcu on those addresses, bu
http://antoniocannito.it/?p=137#uxss
https://antoniocannito.it/phpkb1#reflected-cross-site-scripting-in-every-admin-page-cve-block-going-from-cve-2020-10391-to-cve-2020-10456