CVE-2006-0208

Severity: Medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

References

https://usn.ubuntu.com/261-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028

http://www.vupen.com/english/advisories/2006/2685

http://www.vupen.com/english/advisories/2006/0369

http://www.vupen.com/english/advisories/2006/0177

http://www.securityfocus.com/bid/16803

http://www.redhat.com/support/errata/RHSA-2006-0501.html

http://www.php.net/release_5_1_2.php

http://www.php.net/ChangeLog-4.php#4.4.2

http://www.mandriva.com/security/advisories?name=MDKSA-2006:028

http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml

http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm

http://secunia.com/advisories/21564

http://secunia.com/advisories/21252

http://secunia.com/advisories/20951

http://secunia.com/advisories/20222

http://secunia.com/advisories/20210

http://secunia.com/advisories/19832

http://secunia.com/advisories/19355

http://secunia.com/advisories/19179

http://secunia.com/advisories/19012

http://secunia.com/advisories/18697

http://secunia.com/advisories/18431

http://rhn.redhat.com/errata/RHSA-2006-0549.html

http://rhn.redhat.com/errata/RHSA-2006-0276.html

http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html

Details

Source: Mitre, NVD

Published: 2006-01-13

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium