Cross-site Scripting (XSS)

PHP is vulnerable to reflected XSS vulnerability. An attack can inject a malicious script on PHAR 403 and 404 error pages through request data of a request for a .phar file. It is possible due to an incomplete fix of CVE-2018-5712...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-3646-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3646-1 advisory. It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibl...

USN-3646-1 php5, php7.0, php7.1, php7.2 vulnerabilities

It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. CVE-2018-10545 It was discovered that the PHP iconv stream filter incorrect handl...

ALPINE-CVE-2018-10547

An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...

EUVD-2018-2619

An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...

UBUNTU-CVE-2018-10547

An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...