Description
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
Remediation
References