Description

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

Remediation

References

CVE-2007-5898

Related Vulnerabilities

Oracle Database Server CVE-2009-1021 Vulnerability (CVE-2009-1021)

WordPress Plugin WP Customer Area Cross-Site Scripting (7.4.2)

Drupal Improper Authentication Vulnerability (CVE-2010-3686)

MySQL CVE-2024-21049 Vulnerability (CVE-2024-21049)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43716)

Severity

Medium

Classification

CVE-2007-5898

Tags

Missing Update Known Vulnerabilities