Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24423
HistoryApr 10, 2020 - 12:53 a.m.

Cross-site Scripting (XSS)

2020-04-1000:53:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

php is vulnerable to cross-site scripting (XSS). The vulnerability exists as a numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack.

References

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P