[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249982

 
 

909

 
 

195748

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-0595Date: (C)2004-07-27   (M)2023-12-22


The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null () characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-10724
http://marc.info/?l=bugtraq&m=108981780109154&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html
http://marc.info/?l=bugtraq&m=108982983426031&w=2
http://marc.info/?l=bugtraq&m=109051444105182&w=2
CLA-2004:847
DSA-531
DSA-669
GLSA-200407-13
MDKSA-2004:068
RHSA-2004:392
RHSA-2004:395
RHSA-2004:405
RHSA-2005:816
SSRT4777
SUSE-SA:2004:021
oval:org.mitre.oval:def:10619
php-strip-tag-bypass(16692)

CPE    27
cpe:/a:php:php:4.0
cpe:/a:php:php:4.0.7
cpe:/a:php:php:4.3.3
cpe:/a:php:php:4.0.6
...

© SecPod Technologies