WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17082)

Description

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.

Remediation

References

Related Vulnerabilities

SharePoint CVE-2023-21742 Vulnerability (CVE-2023-21742)

WordPress Plugin WP-Footnotes 'admin_panel.php' Multiple Remote Vulnerabilities (2.2)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.35)

MySQL CVE-2021-35546 Vulnerability (CVE-2021-35546)

TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-21339)

Severity

Medium

Classification

CVE-2018-17082 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities