Description

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.

Remediation

References

CVE-2008-5814

Related Vulnerabilities

WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)

WordPress 4.7.x Cross-Site Request Forgery (4.7 - 4.7.12)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15073)

PHP version older than 5.2.3

Oracle Database Server CVE-2021-2234 Vulnerability (CVE-2021-2234)

Severity

Low

Classification

CVE-2008-5814 CWE-707

Tags

Missing Update Known Vulnerabilities