Description
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Remediation
References
Related Vulnerabilities
WordPress Plugin YOP Poll Cross-Site Scripting (5.7.3)
Sqlite Use of Uninitialized Resource Vulnerability (CVE-2015-3414)
WordPress Plugin Store Locator Plus for WordPress Multiple Vulnerabilities (3.0.1)
Django Improper Input Validation Vulnerability (CVE-2019-3498)
Oracle Application Server Other Vulnerability (CVE-2005-3204)