Lucene search

[email protected]CVE-2009-4142

HistoryDec 21, 2009 - 4:30 p.m.

CVE-2009-4142

2009-12-2116:30:00

CWE-79

[email protected]

web.nvd.nist.gov

php

5.2.12

htmlspecialchars

xss

vulnerability

cve-2009-4142

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

8.6

Confidence

High

EPSS

0.02

Percentile

88.9%

JSON

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

Affected configurations

NVD

Node

phpphpRange≤5.2.11

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4

phpphpMatch4.0

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0rc1

phpphpMatch4.0rc2

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.1patch1

phpphpMatch4.0.1patch2

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.3patch1

phpphpMatch4.0.4

phpphpMatch4.0.4patch1

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.0.7rc1

phpphpMatch4.0.7rc2

phpphpMatch4.0.7rc3

phpphpMatch4.0.7rc4

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2dev

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

phpphpMatch4.4.8

phpphpMatch4.4.9

phpphpMatch5

phpphpMatch5.0rc1

phpphpMatch5.0rc2

phpphpMatch5.0rc3

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

VendorProductVersionCPE
phpphp4.0.1cpe:/a:php:php:4.0.1:patch2::
phpphp5.0.0cpe:/a:php:php:5.0.0:::
phpphp5.2.1cpe:/a:php:php:5.2.1:::
phpphp3.0.8cpe:/a:php:php:3.0.8:::
phpphp4.2.1cpe:/a:php:php:4.2.1:::
phpphp4.3.0cpe:/a:php:php:4.3.0:::
phpphp4.3.8cpe:/a:php:php:4.3.8:::
phpphp4.4.9cpe:/a:php:php:4.4.9:::
phpphp4.0.1cpe:/a:php:php:4.0.1:::
phpphp4.2.2cpe:/a:php:php:4.2.2:::

Vendor	Product	Version	CPE
php	php	4.0.1	cpe:/a:php:php:4.0.1:patch2::
php	php	5.0.0	cpe:/a:php:php:5.0.0:::
php	php	5.2.1	cpe:/a:php:php:5.2.1:::
php	php	3.0.8	cpe:/a:php:php:3.0.8:::
php	php	4.2.1	cpe:/a:php:php:4.2.1:::
php	php	4.3.0	cpe:/a:php:php:4.3.0:::
php	php	4.3.8	cpe:/a:php:php:4.3.8:::
php	php	4.4.9	cpe:/a:php:php:4.4.9:::
php	php	4.0.1	cpe:/a:php:php:4.0.1:::
php	php	4.2.2	cpe:/a:php:php:4.2.2:::