Mandriva Linux Security Advisory 2010:009: php

23

A vulnerability has been found and corrected in php:

The htmlspecialchars function in PHP before 5.2.12 does not properly
handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences,
and (3) invalid EUC-JP sequences, which allows remote attackers to
conduct cross-site scripting (XSS) attacks by placing a crafted byte
sequence before a special character (CVE-2009-4142).

The updated packages have been patched to correct this issue…

Read More