Description

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

Remediation

References

CVE-2005-3388

Related Vulnerabilities

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19355)

WebLogic CVE-2017-10271 Vulnerability (CVE-2017-10271)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)

phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6048)

AngularJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7676)

Severity

Medium

Classification

CVE-2005-3388

Tags

Missing Update Known Vulnerabilities