CVE-2006-0208 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/18431
http://secunia.com/advisories/18697
http://secunia.com/advisories/19012
http://secunia.com/advisories/19179
http://secunia.com/advisories/19355
http://secunia.com/advisories/19832
http://secunia.com/advisories/20210
http://secunia.com/advisories/20222
http://secunia.com/advisories/20951
http://secunia.com/advisories/21252
http://secunia.com/advisories/21564
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
http://www.php.net/ChangeLog-4.php4.4.2
http://www.php.net/release_5_1_2.php
http://www.redhat.com/support/errata/RHSA-2006-0501.html
http://www.securityfocus.com/bid/16803
http://www.vupen.com/english/advisories/2006/0177
http://www.vupen.com/english/advisories/2006/0369
http://www.vupen.com/english/advisories/2006/2685
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10064
https://usn.ubuntu.com/261-1/