CVE-2010-3294

APC <3.1.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (6)

[Various Sources] http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-0811.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/2406

[Mailing List] http://www.openwall.com/lists/oss-security/2010/09/14/1

[Mailing List] http://www.openwall.com/lists/oss-security/2010/09/14/6

[Mailing List] http://www.openwall.com/lists/oss-security/2010/09/14/8

Scores

EPSS 0.0048

EPSS Percentile 64.8%

Classification

CWE

CWE-79

Status published

Affected Products (31)

pecl-php/alternative_php_cache < 3.1.3

pecl-php/alternative_php_cache

... and 16 more

Timeline

Published Sep 24, 2010

Tracked Since Feb 18, 2026