|Description||Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.|
|Source||CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)|
|NVD severity||low (attack range: remote, user-initiated)|
Vulnerable and fixed packages
The table below lists information on source packages.
|php5 (PTS)||squeeze (security), squeeze||5.3.3-7+squeeze19||fixed|
The information below is based on the following data on fixed versions.
I don't know in which version this was fixed specifically, but
I've checked that the patch is present in this version