CVE-2006-0208

N/A Unknown

Published: January 13, 2006 Modified: April 16, 2026

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc

Source: cve@mitre.org

http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2006-0276.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2006-0549.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/18431

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/18697

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/19012

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/19179

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/19355

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/19832

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/20210

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/20222

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/20951

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21252

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/21564

Source: cve@mitre.org

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml

Source: cve@mitre.org

Patch Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2006:028

Source: cve@mitre.org

http://www.php.net/ChangeLog-4.php#4.4.2

Source: cve@mitre.org

http://www.php.net/release_5_1_2.php

Source: cve@mitre.org

Patch

http://www.redhat.com/support/errata/RHSA-2006-0501.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/16803

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2006/0177

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2006/0369

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2006/2685

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10064

Source: cve@mitre.org

https://usn.ubuntu.com/261-1/

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc