CVE-2003-0442

The CVE-2003-0442 issue concerns the PHP4 transparent session ID feature (session.use_trans_sid). Multiple sources describe a Cross-Site Scripting (XSS) vulnerability in PHP4 prior to 4.3.2 where the PHPSESSID parameter could be used by a remote attacker to inject scripts. The Debian advisory DSA...