CVE-2008-5814
Vulnerability Summary
Timeline
Description
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
CVSS Metrics
- v2.0•LOW•Score: 2.6AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 0.78%• Percentile: 74%
Techniques & Countermeasures
- CWE-79•Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Affected Systems
- Unknown•PHP
≤ 5.2.7 | 1.0 | 2.0 | 2.0b10 | 3.0 | 3.0.1 | 3.0.2 | 3.0.3 | 3.0.4 | 3.0.5 | 3.0.6 | 3.0.7 | 3.0.8 | 3.0.9 | 3.0.10 | 3.0.11 | 3.0.12 | 3.0.13 | 3.0.14 | 3.0.15 | 3.0.16 | 3.0.17 | 3.0.18 | 4 | 4.0 | 4.0:beta_4_patch1 | 4.0:beta1 | 4.0:beta2 | 4.0:beta3 | 4.0:beta4 | 4.0:rc1 | 4.0:rc2 | 4.0.0 | 4.0.1 | 4.0.1:patch1 | 4.0.1:patch2 | 4.0.2 | 4.0.3 | 4.0.3:patch1 | 4.0.4 | 4.0.4:patch1 | 4.0.5 | 4.0.6 | 4.0.7 | 4.0.7:rc1 | 4.0.7:rc2 | 4.0.7:rc3 | 4.0.7:rc4 | 4.1.0 | 4.1.1 | 4.1.2 | 4.2 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 4.3.6 | 4.3.7 | 4.3.8 | 4.3.9 | 4.3.10 | 4.3.11 | 4.4.0 | 4.4.1 | 4.4.2 | 4.4.3 | 4.4.4 | 4.4.5 | 4.4.6 | 4.4.7 | 4.4.8 | 4.4.9 | 5 | 5.0:rc1 | 5.0:rc2 | 5.0:rc3 | 5.0.0 | 5.0.0:beta1 | 5.0.0:beta2 | 5.0.0:beta3 | 5.0.0:beta4 | 5.0.0:rc1 | 5.0.0:rc2 | 5.0.0:rc3 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.1.0 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.5 | 5.1.6 | 5.2.0 | 5.2.1 | 5.2.2 | 5.2.3 | 5.2.4 | 5.2.5 | 5.2.6
References (16)
- http://jvn.jp/en/jp/JVN50327700/index.html
- http://marc.info/?l=bugtraq&m=124277349419254&w=2
- http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
- http://secunia.com/advisories/35007
- http://secunia.com/advisories/34933
- http://secunia.com/advisories/34830
- http://www.ubuntu.com/usn/USN-761-2
- http://secunia.com/advisories/35108
- http://www.redhat.com/support/errata/RHSA-2009-0350.html
- http://secunia.com/advisories/35003
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10501
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47496
- http://www.vupen.com/english/advisories/2009/1338
- https://usn.ubuntu.com/761-1/
- http://www.debian.org/security/2009/dsa-1789