[php-maint] Bug#354682: PHP4 in Sarge may be vulnerable to CVE-2006-0208

Nick Jenkins nickpj at gmail.com
Tue Feb 28 04:28:35 UTC 2006

Package: php4
Version: 4:4.3.10-16
Severity: normal
Tags: security


  Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when
 display_errors and html_errors are on, allow remote attackers to inject
  arbitrary web script or HTML via inputs to PHP applications that are
 not filtered when they are included in the resulting error message.

Vulnerable PHP versions
  CVE report lists 5.1.1, however PHP 4.3.x is also vulnerable
according to: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028

More information about the pkg-php-maint mailing list