Showing 1 - 1 of 1

CVE-2004-0595

Status Candidate

Overview

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Related Files

php_strip_tags_css.txt: Posted Jul 14, 2004; Authored by Stefan Esser | Site security.e-matters.de; PHP strip_tags() bypass vulnerability may allow for Cross-site scripting attacks launched via websites that run PHP and depend on strip_tags() for security. The attack requires a vulnerable browser such as IE, Safari, or Mozilla in order to work.; tags | advisory, php, xss, bypass; advisories | CVE-2004-0595; SHA-256 | d66c97661142fe3d557417694547c784d192d272603cbc2f590fd731fd0ddf21; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 144 files
Ubuntu 96 files
indoushka 37 files
Debian 24 files
nu11secur1ty 17 files
Gentoo 13 files
Apple 13 files
Google Security Research 8 files
CraCkEr 6 files
mjurczyk 4 files

File Archives

Systems

AIX (428)
Apple (2,016)
BSD (374)
CentOS (57)
Cisco (1,925)
Debian (6,846)
Fedora (1,692)
FreeBSD (1,245)
Gentoo (4,335)
HPUX (879)
iOS (355)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,841)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,925)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,949)
UNIX (9,317)
UnixWare (186)
Windows (6,590)
Other

CVE-2004-0595

Overview

Related Files

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems