XSS through FPD

PMASA-2016-24 Announcement-ID: PMASA-2016-24 Date: 2016-06-23 Summary XSS through FPD Description With a specially crafted request, it is possible to trigger an XSS attack through the example OpenID authentication script. Severity We do not consider this vulnerability to be secure due to the...

php(5.3.10-5.4.0)_XSS_vulns.txt

============================================================================================= Vulnerable Software: PHP 5.3.10/5.4.0 php-5.3.10-Win32-VC9-x86.zip MD5 SUM: af452dfa681ae03ff42eea6d1c7348cd php-5.4.0-Win32-VC9-x86.zip MD5 SUM: b1b0abe883f84eb6d76793aabf1aa612 Downloaded...

PHP 5.3.10 / 5.4.0 Cross Site Scripting

============================================================================================= Vulnerable Software: PHP 5.3.10/5.4.0 php-5.3.10-Win32-VC9-x86.zip MD5 SUM: af452dfa681ae03ff42eea6d1c7348cd php-5.4.0-Win32-VC9-x86.zip MD5 SUM: b1b0abe883f84eb6d76793aabf1aa612 Downloaded...

USN-261-1: PHP vulnerabilities

Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP Response Splitting forging of...

CVE-2006-0208

Multiple cross-site scripting XSS vulnerabilities in PHP 4.4.1 and 5.1.1, when displayerrors and htmlerrors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...

CVE-2006-0208

The CVE-2006-0208 entry affects PHP 4.4.1 and 5.1.1, where enabling display_errors and html_errors allows remote attackers to inject arbitrary script/HTML via unsafely echoed inputs in error messages. Public-advisory details (from connected docs) indicate this class of XSS vulnerabilities is tied...