CVE-2006-0208

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/18431
http://secunia.com/advisories/18697
http://secunia.com/advisories/19012
http://secunia.com/advisories/19179
http://secunia.com/advisories/19355
http://secunia.com/advisories/19832
http://secunia.com/advisories/20210
http://secunia.com/advisories/20222
http://secunia.com/advisories/20951
http://secunia.com/advisories/21252
http://secunia.com/advisories/21564
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
http://www.php.net/ChangeLog-4.php#4.4.2
http://www.php.net/release_5_1_2.php
http://www.redhat.com/support/errata/RHSA-2006-0501.html
http://www.securityfocus.com/bid/16803
http://www.vupen.com/english/advisories/2006/0177
http://www.vupen.com/english/advisories/2006/0369
http://www.vupen.com/english/advisories/2006/2685
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
https://usn.ubuntu.com/261-1/

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

30-10-2018 - 16:25

Objavljeno

13-01-2006 - 23:03