CVE-2006-0208

Publication date 13 January 2006

Last updated 24 July 2024


Ubuntu priority

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
php4 7.04 feisty Not in release
6.10 edgy
Fixed 4.4.2-1build1
6.06 LTS dapper
Fixed 4.4.2-1build1
php5 7.04 feisty
Fixed 5.2.1-0ubuntu1.4
6.10 edgy
Fixed 5.1.6-1ubuntu2.6
6.06 LTS dapper
Fixed 5.1.2-1ubuntu3.9

References

Related Ubuntu Security Notices (USN)

    • USN-261-1
    • PHP vulnerabilities
    • 10 March 2006

Other references