[php-maint] Bug#354682: PHP4 in Sarge may be vulnerable to CVE-2006-0208
Nick Jenkins
nickpj at gmail.com
Tue Feb 28 04:28:35 UTC 2006
Package: php4
Version: 4:4.3.10-16
Severity: normal
Tags: security
Ref:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
Description:
Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when
display_errors and html_errors are on, allow remote attackers to inject
arbitrary web script or HTML via inputs to PHP applications that are
not filtered when they are included in the resulting error message.
Vulnerable PHP versions:
CVE report lists 5.1.1; however, PHP 4.3.x is also vulnerable
according to: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
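
An added example, not part of the original report or of PHP itself: a small Python check for the precondition named in the CVE description, display_errors and html_errors both being on. The function names and the sample php.ini text are constructed for illustration, and the check assumes PHP's built-in default of "on" for both directives when php.ini does not set them.

```python
import re

# Assumption: PHP's built-in defaults when a directive is absent from php.ini.
DEFAULTS = {"display_errors": "1", "html_errors": "1"}
# Values PHP's ini parser treats as boolean false (matched case-insensitively).
OFF_VALUES = {"", "0", "off", "false", "no", "none"}


def parse_php_ini(text):
    """Return effective directive values; a later assignment overrides an earlier one."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in php.ini
        if not line or line.startswith("["):  # skip blanks and [section] headers
            continue
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("\"'")
    return settings


def is_on(value):
    return value.strip().lower() not in OFF_VALUES


def exposed_to_error_xss(ini_text):
    """True when error messages are written into the response as HTML,
    which is the condition the CVE description requires."""
    s = parse_php_ini(ini_text)
    return is_on(s["display_errors"]) and is_on(s["html_errors"])


# Constructed sample configurations.
WEAK_INI = """[PHP]
display_errors = On   ; development setting left enabled
html_errors = On
"""
HARDENED_INI = """[PHP]
display_errors = Off
log_errors = On
error_log = /var/log/php_errors.log
"""
SILENT_INI = "[PHP]\nmemory_limit = 8M\n"  # neither directive set: defaults apply

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI), ("silent", SILENT_INI)):
        print(name, "exposed" if exposed_to_error_xss(ini) else "ok")
```
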