CVE-2003-0442

PHP <4.3.2 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Sverre H. Huseby · textremotephp
https://www.exploit-db.com/exploits/22696

References (14)

Core 14
Core References
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1008653
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7761
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
Exploit, Patch, Vendor Advisory x_refsource_misc
http://shh.thathost.com/secadv/2003-05-11-php.txt
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-351
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12259
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105760591228031&w=2
Various Sources vendor-advisory x_refsource_turbo
http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105449314612963&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/4758
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-112.shtml
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-204.html

Scores

EPSS 0.5158
EPSS Percentile 97.9%

Details

Status published
Products (3)
php/php < 4.3.1
redhat/linux 8.0
redhat/linux 9.0
Published Jul 24, 2003
Tracked Since Feb 18, 2026