CVE-2007-1454

Priority
Description
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the
FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows
remote attackers to conduct cross-site scripting (XSS) attacks via HTML
with a '<' character followed by certain whitespace characters, which
passes one filter but is collapsed into a valid tag, as demonstrated using
%0b.
Notes
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needs-triage
More Information

Updated: 2020-03-18 21:56:12 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)