CVE-2006-0208

PHP display_errors and html_errors - Cross-Site Scripting

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

References (29)

Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/261-1/
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0369
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0177
Patch x_refsource_confirm
http://www.php.net/release_5_1_2.php
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-4.php#4.4.2
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19355
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21252
Various Sources vendor-advisory x_refsource_suse
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18431
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20222
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20210
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2006-0276.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19179
Patch, Vendor Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0501.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2006-0549.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18697
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20951
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19832
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16803
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21564
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19012
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2685

Scores

EPSS 0.0237
EPSS Percentile 85.2%

Details

CWE CWE-79
Status published
Products (37)
php/php 4.0 beta_4_patch1 (7 CPE variants)
php/php 4.0.0
php/php 4.0.1
php/php 4.0.2
php/php 4.0.3
php/php 4.0.4
php/php 4.0.5
php/php 4.0.6
php/php 4.1.0
php/php 4.1.1
... and 27 more
Published Jan 13, 2006
Tracked Since Feb 18, 2026