CVE-2008-5814
Published: 2 January 2009
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
Notes
Author | Note |
---|---|
jdstrand | verified 5.2.10.dfsg.1-1ubuntu1 in 9.10 is not affected by looking at the source package |
Priority
Status
Package | Release | Status |
---|---|---|
php4 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
php5 Launchpad, Ubuntu, Debian |
dapper |
Released
(5.1.2-1ubuntu3.14)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(5.2.4-2ubuntu5.6)
|
|
intrepid |
Released
(5.2.6-2ubuntu4.2)
|
|
jaunty |
Released
(5.2.6.dfsg.1-3ubuntu4.1)
|
|
karmic |
Not vulnerable
(5.2.10.dfsg.1-1ubuntu1)
|
|
upstream |
Released
(5.2.10.dfsg.1-1ubuntu1)
|
|
Patches: upstream: http://viewcvs.php.net/viewvc.cgi/php-src/ext/standard/head.c?r1=1.84.2.1.2.8&r2=1.84.2.1.2.9&pathrev=PHP_5_2 |