CVE-2008-5814

EUVD-2008-5784
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.2.7
phpphp
1.0
phpphp
2.0
phpphp
2.0b10:b10
phpphp
3.0
phpphp
3.0.1
phpphp
3.0.2
phpphp
3.0.3
phpphp
3.0.4
phpphp
3.0.5
phpphp
3.0.6
phpphp
3.0.7
phpphp
3.0.8
phpphp
3.0.9
phpphp
3.0.10
phpphp
3.0.11
phpphp
3.0.12
phpphp
3.0.13
phpphp
3.0.14
phpphp
3.0.15
phpphp
3.0.16
phpphp
3.0.17
phpphp
3.0.18
phpphp
4.0
phpphp
4.0:beta_4_patch1
phpphp
4.0:beta1
phpphp
4.0:beta2
phpphp
4.0:beta3
phpphp
4.0:beta4
phpphp
4.0:rc1
phpphp
4.0:rc2
phpphp
4.0.0
phpphp
4.0.1
phpphp
4.0.1:patch1
phpphp
4.0.1:patch2
phpphp
4.0.2
phpphp
4.0.3
phpphp
4.0.3:patch1
phpphp
4.0.4
phpphp
4.0.4:patch1
phpphp
4.0.5
phpphp
4.0.6
phpphp
4.0.7
phpphp
4.0.7:rc1
phpphp
4.0.7:rc2
phpphp
4.0.7:rc3
phpphp
4.0.7:rc4
phpphp
4.1.0
phpphp
4.1.1
phpphp
4.1.2
phpphp
4.2
phpphp
4.2.0
phpphp
4.2.1
phpphp
4.2.2
phpphp
4.2.3
phpphp
4.3.0
phpphp
4.3.1
phpphp
4.3.2
phpphp
4.3.3
phpphp
4.3.4
phpphp
4.3.5
phpphp
4.3.6
phpphp
4.3.7
phpphp
4.3.8
phpphp
4.3.9
phpphp
4.3.10
phpphp
4.3.11
phpphp
4.4.0
phpphp
4.4.1
phpphp
4.4.2
phpphp
4.4.3
phpphp
4.4.4
phpphp
4.4.5
phpphp
4.4.6
phpphp
4.4.7
phpphp
4.4.8
phpphp
4.4.9
phpphp
5.0:rc1
phpphp
5.0:rc2
phpphp
5.0:rc3
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php4
dapper
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
php5
dapper
Fixed 5.1.2-1ubuntu3.14
released
gutsy
ignored
hardy
Fixed 5.2.4-2ubuntu5.6
released
intrepid
Fixed 5.2.6-2ubuntu4.2
released
jaunty
Fixed 5.2.6.dfsg.1-3ubuntu4.1
released
karmic
not-affected
Common Weakness Enumeration
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://jvn.jp/en/jp/JVN50327700/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html
http://marc.info/?l=bugtraq&m=124277349419254&w=2
http://secunia.com/advisories/34830
http://secunia.com/advisories/34933
http://secunia.com/advisories/35003
http://secunia.com/advisories/35007
http://secunia.com/advisories/35108
http://www.debian.org/security/2009/dsa-1789
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.ubuntu.com/usn/USN-761-2
http://www.vupen.com/english/advisories/2009/1338
https://exchange.xforce.ibmcloud.com/vulnerabilities/47496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10501
https://usn.ubuntu.com/761-1/
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://jvn.jp/en/jp/JVN50327700/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html
http://marc.info/?l=bugtraq&m=124277349419254&w=2
http://secunia.com/advisories/34830
http://secunia.com/advisories/34933
http://secunia.com/advisories/35003
http://secunia.com/advisories/35007
http://secunia.com/advisories/35108
http://www.debian.org/security/2009/dsa-1789
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.ubuntu.com/usn/USN-761-2
http://www.vupen.com/english/advisories/2009/1338
https://exchange.xforce.ibmcloud.com/vulnerabilities/47496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10501
https://usn.ubuntu.com/761-1/