|Description||Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.|
|Source||CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||low (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|php5 (PTS)||wheezy (security), wheezy||5.4.45-0+deb7u2||fixed|
The information below is based on the following data on fixed versions.
I don't know in which version this was fixed specifically, but
I've checked that the patch is present in this version