Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:50327700
HistoryDec 19, 2008 - 12:00 a.m.

JVN#50327700 PHP vulnerable to cross-site scripting

2008-12-1900:00:00
Japan Vulnerability Notes
jvn.jp
16

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors.

Impact

An arbitrary script may be executed on the user’s web browser.

Solution

Update the Software
Apply the latest update provided by the developer.

According to the developer, PHP 4.X is no longer supported. Users of PHP 4.X are recommended to upgrade to PHP 5.2.X.

Products Affected

  • PHP 5.2.7 and earlier
    If PHP is configured with display_errors=off in php.ini, it is not affected.
    Additionally, PHP 5.3.0alpha is not affected.

Related

veracode 1
openvas 28
nessus 19
ubuntucve 1
securityvulns 4
prion 1
ubuntu 2
cve 1
centos 1
redhat 2
oraclelinux 1
osv 1
debian 1
fedora 4
gentoo 1
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:31:24
openvas
openvas
PHP display_errors XSS Vulnerability
2009-01-08 00:00:00
Ubuntu: Security Advisory (USN-761-2)
2009-06-05 00:00:00
PHP < 5.2.8 Multiple Vulnerabilities
2012-06-21 00:00:00
nessus
nessus
Ubuntu 9.04 : php5 vulnerabilities (USN-761-2)
2009-04-28 00:00:00
PHP < 5.2.8 Multiple Vulnerabilities
2008-12-09 00:00:00
HP System Management Homepage < 3.0.1.73 Multiple Flaws
2009-05-20 00:00:00
ubuntucve
ubuntucve
CVE-2008-5814
2009-01-02 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage &#40;SMH&#41; for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting &#40;XSS&#41;, Unauthorized Access
2009-05-21 00:00:00
HP System Management Homepage crossite scripting
2010-02-04 00:00:00
[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage &#40;SMH&#41; for Linux and Windows, Remote Cross Site Scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;, Execution of Arbitrary Code, Unauthorized Access
2010-04-26 00:00:00
prion
prion
Cross site scripting
2009-01-02 18:11:00
ubuntu
ubuntu
PHP vulnerabilities
2009-04-27 00:00:00
PHP vulnerabilities
2009-04-20 00:00:00
cve
cve
CVE-2008-5814
2009-01-02 18:11:00
centos
centos
php security update
2009-04-07 12:21:16
redhat
redhat
(RHSA-2009:0338) Moderate: php security update
2009-04-06 00:00:00
(RHSA-2009:0350) Moderate: php security update
2009-04-14 00:00:00
oraclelinux
oraclelinux
php security update
2009-04-06 00:00:00
osv
osv
php5 - several vulnerabilities
2009-05-04 00:00:00
debian
debian
[SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities
2009-05-04 20:57:57
fedora
fedora
[SECURITY] Fedora 10 Update: php-5.2.9-2.fc10
2009-05-30 02:34:40
[SECURITY] Fedora 9 Update: php-5.2.9-2.fc9
2009-05-30 02:38:47
[SECURITY] Fedora 10 Update: maniadrive-1.2-13.fc10
2009-05-30 02:34:40
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON
Related for JVN:50327700
veracode1openvas28nessus19ubuntucve1securityvulns4prion1ubuntu2cve1centos1redhat2oraclelinux1osv1debian1fedora4gentoo1