3 matches found
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3289)
This Update fixes numerous vulnerabilities in PHP. Most of them were made public during the 'Month of PHP Bugs'. The vulnerabilities potentially lead to crashes, information leaks or even execution of malicious code. CVE-2007-1380, CVE-2007-0988, CVE-2007-1375, CVE-2007-1454 CVE-2007-1453,...
CVE-2007-1454
ext/filter in PHP 5.2.0, when FILTERSANITIZESTRING is used with the FILTERFLAGSTRIPLOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting XSS attacks via HTML with a '' character followed by certain whitespace characters, which passes one filter...
CVE-2007-1454
CVE-2007-1454 relates to PHP 5.2.0 ext/filter: when using FILTER_SANITIZE_STRING with FILTER_FLAG_STRIP_LOW, HTML tags aren’t fully stripped, enabling XSS via a tag-starting sequence like