Description

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.

Remediation

References

CVE-2002-1954

Related Vulnerabilities

Oracle JRE CVE-2012-1532 Vulnerability (CVE-2012-1532)

WordPress Plugin BP Portfolio Cross-Site Scripting (1.0.2)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Privilege Escalation (5.8.9)

WordPress Plugin WP Database Backup Cross-Site Scripting (5.1.1)

WordPress Plugin WP Post to PDF Cross-Site Scripting (2.3.1)

Severity

Medium

Classification

CVE-2002-1954

Tags

Missing Update Known Vulnerabilities