Cross-site scripting in PHP - CVE-2008-5814
Published: October 30, 2018 / Updated: June 8, 2025
Vulnerability identifier: #VU110330
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2008-5814
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PHP Group
Affected software:
PHP
PHP
Detailed vulnerability description
Vulnerability allows a remote attacker to perform Cross-site scripting attacks.
An input validation error exists in PHP, possibly 5.2.7 and earlier, when display_errors is enabled,. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
How to mitigate CVE-2008-5814
Install update from vendor's website.
Sources
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
- http://jvn.jp/en/jp/JVN50327700/index.html
- http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html
- http://marc.info/?l=bugtraq&m=124277349419254&w=2
- http://secunia.com/advisories/34830
- http://secunia.com/advisories/34933
- http://secunia.com/advisories/35003
- http://secunia.com/advisories/35007
- http://secunia.com/advisories/35108
- http://www.debian.org/security/2009/dsa-1789
- http://www.redhat.com/support/errata/RHSA-2009-0350.html
- http://www.ubuntu.com/usn/USN-761-2
- http://www.vupen.com/english/advisories/2009/1338
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47496
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10501
- https://usn.ubuntu.com/761-1/