Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:23309
HistoryApr 10, 2020 - 12:22 a.m.

Cross-site Scripting (XSS)

2020-04-1000:22:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13

EPSS

0.011

Percentile

84.9%

php is vulnerable to cross-site scripting (XSS). The vulnerability exists as the PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped.

References