Lucene search

K

Veracode Vulnerability DatabaseVERACODE:21326

HistoryAug 20, 2019 - 12:10 a.m.

Cross-site Scripting (XSS)

2019-08-2000:10:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

34

0.62 Medium

EPSS

Percentile

97.8%

PHP is vulnerable to reflected XSS vulnerability. An attack can inject a malicious script on PHAR 403 and 404 error pages through request data of a request for a .phar file. It is possible due to an incomplete fix of CVE-2018-5712.

CPENameOperatorVersion
rh-php71-phpeq7.1.8__1.el7
phpeq5.4.16__36.ael7b_1
phpeq5.4.16__46.1.el7_7
phpeq5.4.16__46.el7
php5:3.4eq5.6.31-r0
phple5.3.6.2

References

php.net/ChangeLog-5.php

php.net/ChangeLog-7.php

www.securitytracker.com/id/1040807

access.redhat.com/errata/RHSA-2019:2519

access.redhat.com/security/updates/classification/#moderate

bugs.php.net/bug.php?id=76129

lists.debian.org/debian-lts-announce/2018/05/msg00004.html

lists.debian.org/debian-lts-announce/2018/06/msg00005.html

security.netapp.com/advisory/ntap-20180607-0003/

usn.ubuntu.com/3646-1/

usn.ubuntu.com/3646-2/

www.debian.org/security/2018/dsa-4240

www.tenable.com/security/tns-2018-12

0.62 Medium

EPSS

Percentile

97.8%

Related for VERACODE:21326