CVE Vulnerabilities

CVE-2007-1454

Published: Mar 14, 2007 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a < character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.

Affected Software

Name Vendor Start Version End Version
Php Php 5.2.0 (including) 5.2.0 (including)
Php5 Ubuntu dapper *
Php5 Ubuntu devel *
Php5 Ubuntu edgy *
Php5 Ubuntu feisty *

References