Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 4.0 |
Related Weaknesses (CWE)
References
- ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
- http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
- http://rhn.redhat.com/errata/RHSA-2006-0276.html
- http://rhn.redhat.com/errata/RHSA-2006-0549.htmlVendor Advisory
- http://secunia.com/advisories/18431PatchVendor Advisory
- http://secunia.com/advisories/18697PatchVendor Advisory
- http://secunia.com/advisories/19012Vendor Advisory
- http://secunia.com/advisories/19179PatchVendor Advisory
- http://secunia.com/advisories/19355PatchVendor Advisory
- http://secunia.com/advisories/19832Vendor Advisory
- http://secunia.com/advisories/20210Vendor Advisory
- http://secunia.com/advisories/20222Vendor Advisory
- http://secunia.com/advisories/20951Vendor Advisory
- http://secunia.com/advisories/21252Vendor Advisory
- http://secunia.com/advisories/21564Vendor Advisory
FAQ
What is CVE-2006-0208?
CVE-2006-0208 is a vulnerability with a CVSS score of 2.6 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP ...
How severe is CVE-2006-0208?
CVE-2006-0208 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0208?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.