{ "threat_severity" : "Low", "public_date" : "2006-01-12T00:00:00Z", "bugzilla" : { "description" : "security flaw", "id" : "1617878", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1617878" }, "details" : [ "Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 3", "release_date" : "2006-04-25T00:00:00Z", "advisory" : "RHSA-2006:0276", "cpe" : "cpe:/o:redhat:enterprise_linux:3", "package" : "php-0:4.3.2-30.ent" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2006-04-25T00:00:00Z", "advisory" : "RHSA-2006:0276", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "php-0:4.3.9-3.12" }, { "product_name" : "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date" : "2006-05-23T00:00:00Z", "advisory" : "RHSA-2006:0501", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1" }, { "product_name" : "Red Hat Enterprise Linux ES version 2.1", "release_date" : "2006-05-23T00:00:00Z", "advisory" : "RHSA-2006:0501", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1" }, { "product_name" : "Red Hat Enterprise Linux WS version 2.1", "release_date" : "2006-05-23T00:00:00Z", "advisory" : "RHSA-2006:0501", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1" }, { "product_name" : "Red Hat Linux Advanced Workstation 2.1", "release_date" : "2006-05-23T00:00:00Z", "advisory" : "RHSA-2006:0501", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1" }, { "product_name" : "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "release_date" : "2006-07-27T00:00:00Z", "advisory" : "RHSA-2006:0549", "cpe" : "cpe:/a:redhat:rhel_stronghold:4.0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2006-0208\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-0208" ], "name" : "CVE-2006-0208", "csaw" : false }