[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-5712":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":74,"related":75,"reserved_at":9,"published_at":79,"modified_at":80,"state":81,"summary":82,"references_raw":91,"kevs":159,"epss":160,"epss_history":163,"metrics":380,"affected":391},"CVE-2018-5712","An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[],[],[48,50,52,54,56,58,60,62,64,66,68,70,72],{"_key":49},"ALPINE-CVE-2018-5712",{"_key":51},"RHSA-2020:1112",{"_key":53},"SUSE-SU-2018:0216-1",{"_key":55},"SUSE-SU-2018:0308-1",{"_key":57},"SUSE-SU-2018:0806-1",{"_key":59},"DLA-1251-1",{"_key":61},"DSA-4080-1",{"_key":63},"DSA-4081-1",{"_key":65},"UBUNTU-CVE-2018-5712",{"_key":67},"USN-3566-1",{"_key":69},"USN-3600-1",{"_key":71},"RHSA-2018:1296",{"_key":73},"RHSA-2019:2519",[],[76,77,78],{"_key":53},{"_key":55},{"_key":57},"2018-01-16T09:00:00.000Z","2024-08-05T05:40:51.160Z","Modified",{"cisa_kev":83,"cisa_ransomware":83,"cisa_vendor":9,"epss_severity":84,"epss_score":85,"severity":86,"severity_score":87,"severity_version":88,"severity_source":89,"severity_vector":90,"severity_status":81},false,"critical",0.89192,"medium",6.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[92,100,106,111,116,122,126,130,136,142,146,150,154],{"url":93,"sources":94,"tags":96},"https://usn.ubuntu.com/3600-1/",[95,89],"cve.org",[97,98,99],"Vendor Advisory","X Refsource UBUNTU","Third Party Advisory",{"url":101,"sources":102,"tags":103},"http://www.securitytracker.com/id/1040363",[95,89],[104,105,99],"VDB Entry","X Refsource SECTRACK",{"url":107,"sources":108,"tags":109},"http://www.securityfocus.com/bid/104020",[95,89],[104,110,99],"X Refsource BID",{"url":112,"sources":113,"tags":114},"https://access.redhat.com/errata/RHSA-2018:1296",[95,89],[97,115,99],"X Refsource REDHAT",{"url":117,"sources":118,"tags":119},"http://php.net/ChangeLog-5.php",[95,89],[120,121,97],"X Refsource CONFIRM","Release Notes",{"url":123,"sources":124,"tags":125},"https://usn.ubuntu.com/3566-1/",[95,89],[97,98,99],{"url":127,"sources":128,"tags":129},"http://php.net/ChangeLog-7.php",[95,89],[120,121,97],{"url":131,"sources":132,"tags":133},"https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html",[95,89],[134,135,99],"Mailing List","X Refsource MLIST",{"url":137,"sources":138,"tags":139},"https://bugs.php.net/bug.php?id=74782",[95,89],[120,140,141,97],"Issue Tracking","Patch",{"url":143,"sources":144,"tags":145},"http://www.securityfocus.com/bid/102742",[95,89],[104,110,99],{"url":147,"sources":148,"tags":149},"https://usn.ubuntu.com/3600-2/",[95,89],[97,98,99],{"url":151,"sources":152,"tags":153},"https://access.redhat.com/errata/RHSA-2019:2519",[95,89],[97,115],{"url":155,"sources":156,"tags":157},"https://www.oracle.com/security-alerts/cpuapr2020.html",[95,89],[158],"X Refsource MISC",[],{"date":161,"score":85,"percentile":162},"2026-06-04",0.99553,[164,167,169,171,173,176,178,180,183,185,187,189,191,193,195,199,202,205,209,212,214,216,218,221,223,225,228,230,234,237,240,242,244,246,248,251,253,256,259,261,263,265,267,269,271,275,278,280,282,284,286,289,291,293,297,299,301,303,306,309,312,314,317,320,322,324,326,328,330,332,334,336,338,340,342,345,347,349,352,354,356,359,361,363,366,369,371,373,375,377],{"date":165,"score":85,"percentile":166},"2025-11-04",0.99507,{"date":168,"score":85,"percentile":166},"2025-11-05",{"date":170,"score":85,"percentile":166},"2025-11-06",{"date":172,"score":85,"percentile":166},"2025-11-07",{"date":174,"score":85,"percentile":175},"2025-11-08",0.99506,{"date":177,"score":85,"percentile":175},"2025-11-09",{"date":179,"score":85,"percentile":175},"2025-11-10",{"date":181,"score":85,"percentile":182},"2025-11-11",0.99505,{"date":184,"score":85,"percentile":175},"2025-11-12",{"date":186,"score":85,"percentile":175},"2025-11-13",{"date":188,"score":85,"percentile":175},"2025-11-14",{"date":190,"score":85,"percentile":166},"2025-11-15",{"date":192,"score":85,"percentile":166},"2025-11-16",{"date":194,"score":85,"percentile":166},"2025-11-17",{"date":196,"score":197,"percentile":198},"2025-11-18",0.10872,0.92656,{"date":200,"score":197,"percentile":201},"2025-11-19",0.92659,{"date":203,"score":197,"percentile":204},"2025-11-20",0.92663,{"date":206,"score":207,"percentile":208},"2025-11-21",0.8761,0.99425,{"date":210,"score":207,"percentile":211},"2025-11-22",0.99426,{"date":213,"score":207,"percentile":211},"2025-11-23",{"date":215,"score":207,"percentile":211},"2025-11-24",{"date":217,"score":207,"percentile":211},"2025-11-25",{"date":219,"score":207,"percentile":220},"2025-11-26",0.99427,{"date":222,"score":207,"percentile":220},"2025-11-27",{"date":224,"score":207,"percentile":220},"2025-11-28",{"date":226,"score":207,"percentile":227},"2025-11-29",0.99428,{"date":229,"score":207,"percentile":227},"2025-11-30",{"date":231,"score":232,"percentile":233},"2025-12-01",0.71421,0.98662,{"date":235,"score":232,"percentile":236},"2025-12-02",0.98664,{"date":238,"score":232,"percentile":239},"2025-12-03",0.98665,{"date":241,"score":207,"percentile":211},"2025-12-04",{"date":243,"score":207,"percentile":211},"2025-12-05",{"date":245,"score":207,"percentile":211},"2025-12-06",{"date":247,"score":207,"percentile":220},"2025-12-07",{"date":249,"score":207,"percentile":250},"2025-12-08",0.99429,{"date":252,"score":207,"percentile":250},"2025-12-09",{"date":254,"score":207,"percentile":255},"2025-12-10",0.9943,{"date":257,"score":207,"percentile":258},"2025-12-11",0.99431,{"date":260,"score":207,"percentile":255},"2025-12-12",{"date":262,"score":207,"percentile":250},"2025-12-13",{"date":264,"score":207,"percentile":250},"2025-12-14",{"date":266,"score":207,"percentile":250},"2025-12-15",{"date":268,"score":207,"percentile":255},"2025-12-16",{"date":270,"score":207,"percentile":258},"2025-12-17",{"date":272,"score":273,"percentile":274},"2025-12-18",0.87742,0.99437,{"date":276,"score":273,"percentile":277},"2025-12-19",0.99438,{"date":279,"score":273,"percentile":277},"2025-12-20",{"date":281,"score":273,"percentile":277},"2025-12-21",{"date":283,"score":273,"percentile":277},"2025-12-22",{"date":285,"score":273,"percentile":277},"2025-12-23",{"date":287,"score":273,"percentile":288},"2025-12-24",0.99439,{"date":290,"score":273,"percentile":288},"2025-12-25",{"date":292,"score":273,"percentile":277},"2025-12-26",{"date":294,"score":295,"percentile":296},"2025-12-27",0.8341,0.99241,{"date":298,"score":273,"percentile":274},"2025-12-28",{"date":300,"score":273,"percentile":274},"2025-12-29",{"date":302,"score":273,"percentile":274},"2025-12-30",{"date":304,"score":207,"percentile":305},"2025-12-31",0.99433,{"date":307,"score":232,"percentile":308},"2026-01-01",0.98678,{"date":310,"score":232,"percentile":311},"2026-01-02",0.98679,{"date":313,"score":232,"percentile":311},"2026-01-03",{"date":315,"score":207,"percentile":316},"2026-01-04",0.99436,{"date":318,"score":207,"percentile":319},"2026-01-05",0.99435,{"date":321,"score":207,"percentile":319},"2026-01-06",{"date":323,"score":207,"percentile":319},"2026-01-07",{"date":325,"score":207,"percentile":319},"2026-01-08",{"date":327,"score":207,"percentile":316},"2026-01-09",{"date":329,"score":207,"percentile":274},"2026-01-10",{"date":331,"score":207,"percentile":274},"2026-01-11",{"date":333,"score":207,"percentile":274},"2026-01-12",{"date":335,"score":207,"percentile":277},"2026-01-13",{"date":337,"score":207,"percentile":277},"2026-01-14",{"date":339,"score":207,"percentile":288},"2026-01-15",{"date":341,"score":207,"percentile":288},"2026-01-16",{"date":343,"score":207,"percentile":344},"2026-01-17",0.9944,{"date":346,"score":207,"percentile":344},"2026-01-18",{"date":348,"score":207,"percentile":344},"2026-01-19",{"date":350,"score":207,"percentile":351},"2026-01-20",0.99441,{"date":353,"score":207,"percentile":351},"2026-01-21",{"date":355,"score":207,"percentile":351},"2026-01-22",{"date":357,"score":207,"percentile":358},"2026-01-23",0.99443,{"date":360,"score":207,"percentile":358},"2026-01-24",{"date":362,"score":207,"percentile":358},"2026-01-25",{"date":364,"score":207,"percentile":365},"2026-01-26",0.99444,{"date":367,"score":207,"percentile":368},"2026-01-27",0.99445,{"date":370,"score":207,"percentile":368},"2026-01-28",{"date":372,"score":207,"percentile":368},"2026-01-29",{"date":374,"score":207,"percentile":365},"2026-01-30",{"date":376,"score":207,"percentile":368},"2026-01-31",{"date":378,"score":232,"percentile":379},"2026-02-01",0.98691,[381],{"source":89,"cvss_v2_0":382,"cvss_v3_0":387,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":383,"baseSeverity":9,"vectorString":384,"impactScore":385,"exploitabilityScore":386},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":87,"baseSeverity":388,"vectorString":90,"impactScore":389,"exploitabilityScore":390},"MEDIUM",4.5,7.2,[392,407,414],{"ecosystem":9,"name":393,"vendor":394,"product":395,"cpe_part":396,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":397},"ubuntu linux","canonical","ubuntu_linux","o",[398,401,403,405],{"version":399,"is_range":83,"range_type":400,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":402,"is_range":83,"range_type":400,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":404,"is_range":83,"range_type":400,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":406,"is_range":83,"range_type":400,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"17.10",{"ecosystem":9,"name":408,"vendor":409,"product":410,"cpe_part":396,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":411},"debian linux","debian","debian_linux",[412],{"version":413,"is_range":83,"range_type":400,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"ecosystem":9,"name":415,"vendor":9,"product":415,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":416},"PHP",[417,422,426,431],{"version":418,"is_range":419,"range_type":400,"version_start":9,"version_start_type":9,"version_end":420,"version_end_type":421,"fixed_in":9},"lte5.6.32",true,"5.6.32","including",{"version":423,"is_range":419,"range_type":400,"version_start":424,"version_start_type":421,"version_end":425,"version_end_type":421,"fixed_in":9},"gte7.0.0_lte7.0.26","7.0.0","7.0.26",{"version":427,"is_range":419,"range_type":400,"version_start":428,"version_start_type":429,"version_end":430,"version_end_type":421,"fixed_in":9},"gt7.1.0_lte7.1.12","7.1.0","excluding","7.1.12",{"version":432,"is_range":83,"range_type":400,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.2.0"]