CVE-2007-1454
Published: Mar 14, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| 25056 | third-party-advisory | x_refsource_SECUNIA |
| DSA-1283 | vendor-advisory | x_refsource_DEBIAN |
| 22914 | vdb-entry | x_refsource_BID |
| 25062 | third-party-advisory | x_refsource_SECUNIA |
| MDKSA-2007:090 | vendor-advisory | x_refsource_MANDRIVA |
| http://www.php-security.org/MOPB/MOPB-18-2007.html | | x_refsource_MISC |
| SUSE-SA:2007:032 | vendor-advisory | x_refsource_SUSE |