Vulnerability in N/a
CVE-2003-0442
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
EPSS: 0.516 (97.9th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- MDKSA-2003:082 (vendor-advisory, x_refsource_MANDRAKE)
- 1008653 (vdb-entry, x_refsource_SECTRACK)
- 7761 (vdb-entry, x_refsource_BID)
- CLSA-2003:691 (vendor-advisory, x_refsource_CONECTIVA)
- shh.thathost.com/secadv/2003-05-11-php.txt (x_refsource_MISC)
- DSA-351 (vendor-advisory, x_refsource_DEBIAN)
- php-session-id-xss(12259) (vdb-entry, x_refsource_XF)
- 20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) (mailing-list, x_refsource_BUGTRAQ)
- TLSA-2003-47 (vendor-advisory, x_refsource_TURBO)
- oval:org.mitre.oval:def:485 (signature, x_refsource_OVAL, vdb-entry)