Description
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
Remediation
References
Related Vulnerabilities
WordPress Plugin Backup Migration Remote Code Execution (1.3.7)
WordPress Plugin JS Help Desk (formerly JS Support Ticket) SQL Injection (2.1.0)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.9)
Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6)
WordPress Plugin Business Hours Indicator Cross-Site Scripting (2.3.4)