Description

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.

Remediation

References

CVE-2008-5814

Related Vulnerabilities

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892)

ATutor Other Vulnerability (CVE-2015-7712)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000410)

Magento Incorrect Authorization Vulnerability (CVE-2020-9587)

GSAP CVE-2020-28478 Vulnerability (CVE-2020-28478)

Severity

Low

Classification

CVE-2008-5814 CWE-707

Tags

Missing Update Known Vulnerabilities