php: htmlspecialchars() insufficient checking of input for multi-byte encodings
The htmlspecialchars function in PHP before 5.2.12 does not properly handle 1 overlong UTF-8 sequences, 2 invalid ShiftJIS sequences, and 3 invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting XSS attacks by placing a crafted byte sequence before a special...