CVE-2006-0208
5.6 Medium
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
80.9%
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
References
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
rhn.redhat.com/errata/RHSA-2006-0276.html
rhn.redhat.com/errata/RHSA-2006-0549.html
secunia.com/advisories/18431
secunia.com/advisories/18697
secunia.com/advisories/19012
secunia.com/advisories/19179
secunia.com/advisories/19355
secunia.com/advisories/19832
secunia.com/advisories/20210
secunia.com/advisories/20222
secunia.com/advisories/20951
secunia.com/advisories/21252
secunia.com/advisories/21564
support.avaya.com/elmodocs2/security/ASA-2006-129.htm
support.avaya.com/elmodocs2/security/ASA-2006-160.htm
www.gentoo.org/security/en/glsa/glsa-200603-22.xml
www.mandriva.com/security/advisories?name=MDKSA-2006:028
www.php.net/ChangeLog-4.php#4.4.2
www.php.net/release_5_1_2.php
www.redhat.com/support/errata/RHSA-2006-0501.html
www.securityfocus.com/bid/16803
www.vupen.com/english/advisories/2006/0177
www.vupen.com/english/advisories/2006/0369
www.vupen.com/english/advisories/2006/2685
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
usn.ubuntu.com/261-1/
Related
5.6 Medium
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
80.9%