CVE-2005-3388

NameCVE-2005-3388
DescriptionCross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesCVE-2002-1954
Debian Bugs336645, 336654

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php4source(unstable)4:4.4.2-1low336645
php5source(unstable)5.1.1-1low336654

Notes

[sarge] - php4 <no-dsa> (not worth an update)
http://www.hardened-php.net/advisory_182005.77.html
fixed in CVS, estimated release of PHP5.1 to fix this issue
Search for package or bug name: Reporting problems