php -- strip_tags cross-site scripting vulnerability

ID EDF61C61-0F07-11D9-8393-000103CCF9D6
Type freebsd
Reporter FreeBSD
Modified 2013-06-19T00:00:00


Stefan Esser of e-matters discovered that PHP's strip_tags() function would ignore certain characters during parsing of tags, allowing these tags to pass through. Select browsers could then parse these tags, possibly allowing cross-site scripting attacks.