Description

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Remediation

References

CVE-2018-5712

Related Vulnerabilities

MODX Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-8773)

Jenkins Inadequate Encryption Strength Vulnerability (CVE-2017-2598)

WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics Arbitrary File Download (0.7)

WordPress Plugin NextGEN Gallery Sell Photo Cross-Site Scripting (1.0.4)

WordPress Plugin WP Floating Menu-One page navigator, sticky menu for WordPress Cross-Site Scripting (1.3.0)

Severity

Medium

Classification

CVE-2018-5712 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities