Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23309

HistoryApr 10, 2020 - 12:22 a.m.

Cross-site Scripting (XSS)

2020-04-1000:22:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

php is vulnerable to cross-site scripting (XSS). The vulnerability exists as the PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped.

CPENameOperatorVersion
perl-dbd-mysqleq4.004__1.el5s2
mysql-connector-odbceq3.51.15r409__1.el5s2
postgresql-odbceq08.02.0200__1.el5s2
mod_jkeq1.2.23__3.el5s2
mod_perleq2.0.3__3.el5s2
mod_perleq2.0.2__6.3.el5
phpeq5.1.4__1.el4s1.2
phpeq5.1.6__11.el5
phpeq5.1.6__7.el5
phpeq5.1.6__12.el5

Rows per page:

1-10 of 741

References

lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html

secunia.com/advisories/27648

secunia.com/advisories/27659

secunia.com/advisories/27864

secunia.com/advisories/28249

secunia.com/advisories/28658

secunia.com/advisories/30040

secunia.com/advisories/30828

secunia.com/advisories/31119

secunia.com/advisories/31124

secunia.com/advisories/31200

securitytracker.com/id?1018934

wiki.rpath.com/wiki/Advisories:rPSA-2007-0242

www.debian.org/security/2008/dsa-1444

www.mandriva.com/security/advisories?name=MDVSA-2008:125

www.mandriva.com/security/advisories?name=MDVSA-2008:126

www.mandriva.com/security/advisories?name=MDVSA-2008:127

www.php.net/ChangeLog-5.php#5.2.5

www.php.net/releases/5_2_5.php

www.redhat.com/docs/en-US/Red_Hat_Application_Stack/2.1/html-single/Release_Notes/

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2008-0505.html

www.redhat.com/support/errata/RHSA-2008-0544.html

www.redhat.com/support/errata/RHSA-2008-0545.html

www.redhat.com/support/errata/RHSA-2008-0546.html

www.redhat.com/support/errata/RHSA-2008-0582.html

www.securityfocus.com/archive/1/491693/100/0/threaded

www.ubuntu.com/usn/usn-549-2

www.ubuntu.com/usn/usn-628-1

access.redhat.com/errata/RHSA-2008:0505

issues.rpath.com/browse/RPL-1943

launchpad.net/bugs/173043

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10080

usn.ubuntu.com/549-1/

www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

Related for VERACODE:23309

prion1 ubuntucve1 cve1 redhat5 nessus21 oraclelinux2 openvas36 securityvulns3 centos3 fedora1 debian2 osv1 ubuntu3 suse1