Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-0208

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

Published

2006-01-13T23:03:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.6 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0	Yes
Application	php	php	4.0.0	Yes
Application	php	php	4.0.1	Yes
Application	php	php	4.0.2	Yes
Application	php	php	4.0.3	Yes
Application	php	php	4.0.4	Yes
Application	php	php	4.0.5	Yes
Application	php	php	4.0.6	Yes
Application	php	php	4.1.0	Yes
Application	php	php	4.1.1	Yes
Application	php	php	4.1.2	Yes
Application	php	php	4.2.0	Yes
Application	php	php	4.2.1	Yes
Application	php	php	4.2.2	Yes
Application	php	php	4.2.3	Yes
Application	php	php	4.3.0	Yes
Application	php	php	4.3.1	Yes
Application	php	php	4.3.2	Yes
Application	php	php	4.3.3	Yes
Application	php	php	4.3.4	Yes
Application	php	php	4.3.5	Yes
Application	php	php	4.3.6	Yes
Application	php	php	4.3.7	Yes
Application	php	php	4.3.8	Yes
Application	php	php	4.3.9	Yes
Application	php	php	4.3.10	Yes
Application	php	php	4.3.11	Yes
Application	php	php	4.4.1	Yes
Application	php	php	4.4.2	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.0	Yes
Application	php	php	5.0.1	Yes
Application	php	php	5.0.2	Yes
Application	php	php	5.0.3	Yes
Application	php	php	5.0.4	Yes
Application	php	php	5.0.5	Yes
Application	php	php	5.1.0	Yes
Application	php	php	5.1.1	Yes

References

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc ([email protected])
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2006-0276.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2006-0549.html Vendor Advisory ([email protected])
http://secunia.com/advisories/18431 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/18697 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19012 Vendor Advisory ([email protected])
http://secunia.com/advisories/19179 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19355 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19832 Vendor Advisory ([email protected])
http://secunia.com/advisories/20210 Vendor Advisory ([email protected])
http://secunia.com/advisories/20222 Vendor Advisory ([email protected])
http://secunia.com/advisories/20951 Vendor Advisory ([email protected])
http://secunia.com/advisories/21252 Vendor Advisory ([email protected])
http://secunia.com/advisories/21564 Vendor Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml Patch, Vendor Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028 ([email protected])
http://www.php.net/ChangeLog-4.php#4.4.2 ([email protected])
http://www.php.net/release_5_1_2.php Patch ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0501.html Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/16803 Patch ([email protected])
http://www.vupen.com/english/advisories/2006/0177 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/0369 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/2685 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064 ([email protected])
https://usn.ubuntu.com/261-1/ ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc (af854a3a-2127-422b-91ae-364da2661108)
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2006-0276.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2006-0549.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18431 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18697 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19012 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19179 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19355 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19832 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20210 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20222 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20951 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21252 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21564 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:028 (af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/ChangeLog-4.php#4.4.2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.php.net/release_5_1_2.php Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0501.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16803 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0177 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0369 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2685 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/261-1/ (af854a3a-2127-422b-91ae-364da2661108)