PHP 'display_errors' Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with PHP and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to latest version of PHP, http://www.php.net/downloads.php

Insight

The flaw is due to an error in handling 'display_errors', when display_errors is set to on and html_errors is set to on.

Affected

PHP versions 5.3.10 and 5.4.0

Detection

Get the installed version of PHP with the help of detect NVT and check the version is vulnerable or not.

References

http://dl.packetstormsecurity.net/1204-exploits/php-xss.txt
http://packetstormsecurity.com/files/111695/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities