CVE-2006-0208

Php - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

References (29)

[Various Sources] http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2006-0549.html

[Patch, Vendor Advisory] http://secunia.com/advisories/18431

[Patch, Vendor Advisory] http://secunia.com/advisories/18697

[Vendor Advisory] http://secunia.com/advisories/19012

[Patch, Vendor Advisory] http://secunia.com/advisories/19179

[Patch, Vendor Advisory] http://secunia.com/advisories/19355

[Vendor Advisory] http://secunia.com/advisories/19832

[Vendor Advisory] http://secunia.com/advisories/20210

[Vendor Advisory] http://secunia.com/advisories/20222

[Vendor Advisory] http://secunia.com/advisories/20951

[Vendor Advisory] http://secunia.com/advisories/21252

[Vendor Advisory] http://secunia.com/advisories/21564

[Patch, Vendor Advisory] http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml

[Patch] http://www.php.net/release_5_1_2.php

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0501.html

[Patch] http://www.securityfocus.com/bid/16803

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/0177

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/0369

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/2685

... and 9 more

Scores

EPSS 0.0237

EPSS Percentile 84.8%

Classification

CWE

CWE-79

Status draft

Affected Products (49)

php/php

php/php

php/php

php/php

php/php

php/php

php/php

php/php

php/php

php/php

php/php

php/php

php/php

php/php

php/php

... and 34 more

Timeline

Published Jan 13, 2006

Tracked Since Feb 18, 2026