Lucene search
FreeBSDEDF61C61-0F07-11D9-8393-000103CCF9D6HistoryJul 07, 2004 - 12:00 a.m.
php -- strip_tags cross-site scripting vulnerability
2004-07-0700:00:00
vuxml.freebsd.org
21
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.939 High
EPSS
Percentile
99.1%
Stefan Esser of e-matters discovered that PHP’s strip_tags()
function would ignore certain characters during parsing of tags,
allowing these tags to pass through. Select browsers could then
parse these tags, possibly allowing cross-site scripting attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | mod_php4-twig | <= 4.3.7_3 | UNKNOWN |
| FreeBSD | any | noarch | php4 | <= 4.3.7_3 | UNKNOWN |
| FreeBSD | any | noarch | php4-cgi | <= 4.3.7_3 | UNKNOWN |
| FreeBSD | any | noarch | php4-cli | <= 4.3.7_3 | UNKNOWN |
| FreeBSD | any | noarch | php4-dtc | <= 4.3.7_3 | UNKNOWN |
| FreeBSD | any | noarch | php4-horde | <= 4.3.7_3 | UNKNOWN |
| FreeBSD | any | noarch | php4-nms | <= 4.3.7_3 | UNKNOWN |
| FreeBSD | any | noarch | mod_php4 | <= 4.3.7_3,1 | UNKNOWN |
| FreeBSD | any | noarch | php5 | <= 5.0.0.r3_2 | UNKNOWN |
| FreeBSD | any | noarch | php5-cgi | <= 5.0.0.r3_2 | UNKNOWN |
Related
securityvulns
securityvulns
[Full-Disclosure] Advisory 12/2004: PHP strip_tags() bypass vulnerability
2004-07-14 00:00:00
Mambo Multiple Vulnerabilities
2006-02-25 00:00:00
cve
cve
CVE-2004-0595
2004-07-27 04:00:00
openvas
openvas
php -- strip_tags cross-site scripting vulnerability
2008-09-04 00:00:00
php -- strip_tags cross-site scripting vulnerability
2008-09-04 00:00:00
Slackware Advisory SSA:2004-202-01 PHP
2012-09-11 00:00:00
packetstorm
packetstorm
mambo453.txt
2006-02-26 00:00:00
nessus
nessus
FreeBSD : php -- strip_tags XSS vulnerability (edf61c61-0f07-11d9-8393-000103ccf9d6)
2005-07-13 00:00:00
Fedora Core 2 : php-4.3.8-2.1 (2004-223)
2004-07-24 00:00:00
GLSA-200407-13 : PHP: Multiple security vulnerabilities
2004-08-30 00:00:00
gentoo
gentoo
PHP: Multiple security vulnerabilities
2004-07-15 00:00:00
slackware
slackware
PHP
2004-07-20 23:21:16
osv
osv
php3 - several
2005-02-07 00:00:00
php4 - several vulnerabilities
2004-07-20 00:00:00
debian
debian
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 669-1] New php3 packages fix several vulnerabilities
2005-02-07 12:12:08
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
2004-07-21 02:41:59
redhat
redhat
(RHSA-2004:395) php security update
2004-07-19 00:00:00
(RHSA-2004:392) php security update
2004-07-19 00:00:00
exploitpack
exploitpack
Mambo 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00
exploitdb
exploitdb
Mambo < 4.5.3h - Multiple Vulnerabilities
2016-02-24 00:00:00
suse
suse
remote code execution in php4/mod_php4
2004-07-16 12:43:18
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.939 High
EPSS
Percentile
99.1%
Related for EDF61C61-0F07-11D9-8393-000103CCF9D6