AI Score: 5.5 Medium (Confidence: High)
CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.09 Low (Percentile: 94.5%)
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c
cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261
marc.info/?l=php-cvs&m=114374620416389&w=2
rhn.redhat.com/errata/RHSA-2006-0276.html
rhn.redhat.com/errata/RHSA-2006-0549.html
secunia.com/advisories/19599
secunia.com/advisories/19775
secunia.com/advisories/19832
secunia.com/advisories/19979
secunia.com/advisories/20052
secunia.com/advisories/20210
secunia.com/advisories/20222
secunia.com/advisories/20951
secunia.com/advisories/21125
secunia.com/advisories/21252
secunia.com/advisories/21564
security.gentoo.org/glsa/glsa-200605-08.xml
securityreason.com/achievement_securityalert/34
securityreason.com/securityalert/675
securitytracker.com/id?1015879
support.avaya.com/elmodocs2/security/ASA-2006-129.htm
support.avaya.com/elmodocs2/security/ASA-2006-160.htm
www.mandriva.com/security/advisories?name=MDKSA-2006:074
www.novell.com/linux/security/advisories/05-05-2006.html
www.osvdb.org/24484
www.php.net/ChangeLog-4.php#4.4.3
www.redhat.com/support/errata/RHSA-2006-0501.html
www.securityfocus.com/bid/17362
www.ubuntu.com/usn/usn-320-1
www.vupen.com/english/advisories/2006/1290
www.vupen.com/english/advisories/2006/2685
exchange.xforce.ibmcloud.com/vulnerabilities/25702
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997