Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

Remediation

References

CVE-2006-0208

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2007-2897)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-6833)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-1151)

WordPress Plugin Prismatic Multiple Cross-Site Scripting Vulnerabilities (2.7)

Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1165)

Severity

Low

Classification

CVE-2006-0208 CWE-707

Tags

Missing Update Known Vulnerabilities