CVE-2009-4142

Metadata

CVE-2009-4142
4.3
bugs.php.net, lists.apple.com, marc.info, securitytracker.com, support.apple.com, debian.org, php.net, php.net, securityfocus.com, vupen.com
2009-12-21
2017-09-21 21:09

Description

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

Related Vulnerabilities

platform vulnerability
CVE-2009-4142 php5
CVE-2009-4142