Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
rhn.redhat.com/errata/RHSA-2006-0276.html
rhn.redhat.com/errata/RHSA-2006-0549.html
secunia.com/advisories/18431
secunia.com/advisories/18697
secunia.com/advisories/19012
secunia.com/advisories/19179
secunia.com/advisories/19355
secunia.com/advisories/19832
secunia.com/advisories/20210
secunia.com/advisories/20222
secunia.com/advisories/20951
secunia.com/advisories/21252
secunia.com/advisories/21564
support.avaya.com/elmodocs2/security/ASA-2006-129.htm
support.avaya.com/elmodocs2/security/ASA-2006-160.htm
www.gentoo.org/security/en/glsa/glsa-200603-22.xml
www.mandriva.com/security/advisories?name=MDKSA-2006:028
www.php.net/ChangeLog-4.php#4.4.2
www.php.net/release_5_1_2.php
www.redhat.com/support/errata/RHSA-2006-0501.html
www.securityfocus.com/bid/16803
www.vupen.com/english/advisories/2006/0177
www.vupen.com/english/advisories/2006/0369
www.vupen.com/english/advisories/2006/2685
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064
usn.ubuntu.com/261-1/