CVE-2008-5814

Published: 02 January 2009

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.

Priority

Low

Status

Package Release Status
php4
Launchpad, Ubuntu, Debian
Upstream Needs triage

php5
Launchpad, Ubuntu, Debian
Upstream
Released (5.2.10.dfsg.1-1ubuntu1)
Patches:
Upstream: http://viewcvs.php.net/viewvc.cgi/php-src/ext/standard/head.c?r1=1.84.2.1.2.8&r2=1.84.2.1.2.9&pathrev=PHP_5_2