CVE-2008-5814

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
phpphp
𝑥
≤ 5.2.7
phpphp
1.0
phpphp
2.0
phpphp
2.0b10:b10
phpphp
3.0
phpphp
3.0.1
phpphp
3.0.2
phpphp
3.0.3
phpphp
3.0.4
phpphp
3.0.5
phpphp
3.0.6
phpphp
3.0.7
phpphp
3.0.8
phpphp
3.0.9
phpphp
3.0.10
phpphp
3.0.11
phpphp
3.0.12
phpphp
3.0.13
phpphp
3.0.14
phpphp
3.0.15
phpphp
3.0.16
phpphp
3.0.17
phpphp
3.0.18
phpphp
4.0
phpphp
4.0:beta_4_patch1
phpphp
4.0:beta1
phpphp
4.0:beta2
phpphp
4.0:beta3
phpphp
4.0:beta4
phpphp
4.0:rc1
phpphp
4.0:rc2
phpphp
4.0.0
phpphp
4.0.1
phpphp
4.0.1:patch1
phpphp
4.0.1:patch2
phpphp
4.0.2
phpphp
4.0.3
phpphp
4.0.3:patch1
phpphp
4.0.4
phpphp
4.0.4:patch1
phpphp
4.0.5
phpphp
4.0.6
phpphp
4.0.7
phpphp
4.0.7:rc1
phpphp
4.0.7:rc2
phpphp
4.0.7:rc3
phpphp
4.0.7:rc4
phpphp
4.1.0
phpphp
4.1.1
phpphp
4.1.2
phpphp
4.2
phpphp
4.2.0
phpphp
4.2.1
phpphp
4.2.2
phpphp
4.2.3
phpphp
4.3.0
phpphp
4.3.1
phpphp
4.3.2
phpphp
4.3.3
phpphp
4.3.4
phpphp
4.3.5
phpphp
4.3.6
phpphp
4.3.7
phpphp
4.3.8
phpphp
4.3.9
phpphp
4.3.10
phpphp
4.3.11
phpphp
4.4.0
phpphp
4.4.1
phpphp
4.4.2
phpphp
4.4.3
phpphp
4.4.4
phpphp
4.4.5
phpphp
4.4.6
phpphp
4.4.7
phpphp
4.4.8
phpphp
4.4.9
phpphp
5.0:rc1
phpphp
5.0:rc2
phpphp
5.0:rc3
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php4
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
ignored
php5
karmic
not-affected
jaunty
Fixed 5.2.6.dfsg.1-3ubuntu4.1
released
intrepid
Fixed 5.2.6-2ubuntu4.2
released
hardy
Fixed 5.2.4-2ubuntu5.6
released
gutsy
ignored
dapper
Fixed 5.1.2-1ubuntu3.14
released
Common Weakness Enumeration
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://jvn.jp/en/jp/JVN50327700/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html
http://marc.info/?l=bugtraq&m=124277349419254&w=2
http://marc.info/?l=bugtraq&m=124277349419254&w=2
http://secunia.com/advisories/34830
http://secunia.com/advisories/34933
http://secunia.com/advisories/35003
http://secunia.com/advisories/35007
http://secunia.com/advisories/35108
http://www.debian.org/security/2009/dsa-1789
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.ubuntu.com/usn/USN-761-2
http://www.vupen.com/english/advisories/2009/1338
https://exchange.xforce.ibmcloud.com/vulnerabilities/47496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10501
https://usn.ubuntu.com/761-1/
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://jvn.jp/en/jp/JVN50327700/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html
http://marc.info/?l=bugtraq&m=124277349419254&w=2
http://marc.info/?l=bugtraq&m=124277349419254&w=2
http://secunia.com/advisories/34830
http://secunia.com/advisories/34933
http://secunia.com/advisories/35003
http://secunia.com/advisories/35007
http://secunia.com/advisories/35108
http://www.debian.org/security/2009/dsa-1789
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.ubuntu.com/usn/USN-761-2
http://www.vupen.com/english/advisories/2009/1338
https://exchange.xforce.ibmcloud.com/vulnerabilities/47496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10501
https://usn.ubuntu.com/761-1/