PHP Display_errors Cross-Site Scripting Vulnerability Network Vulnerability

Summary

The host is running PHP and is prone to Cross-Site Scripting vulnerability.

Impact

Successful exploitation could allow attackers to inject arbitrary web script or HTML via unspecified vectors and conduct Cross-Site Scripting attacks. Impact Level: Application

Solution

Upgrade to version 5.2.8 or later http://www.php.net/downloads.php

Insight

The flaw is due to improper handling of certain inputs when display_errors settings is enabled.

Affected

PHP, PHP version 5.2.7 and prior on all running platform.

References

http://jvn.jp/en/jp/JVN50327700/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5814
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

ownCloud Multiple Cross Site Scripting Vulnerabilities -03 May14
ASUS RT-N56U Wireless Router 'QIS_wizard.htm' Password Information Disclosure Vulnerability
Manx Multiple Cross Site Scripting and Directory Traversal Vulnerabilities
MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability
Atlassian Confluence Multiple Cross Site Scripting Vulnerabilities

PHP display_errors Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities