Upstream information
Description
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
NVD | |
---|---|
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
SUSE Security Advisories:
- SUSE-SA:2007:032, published Wed, 23 May 2007 12:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 02:42:51 2013CVE page last modified: Mon Sep 9 16:43:16 2024