Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0442

6 documents6 sources
Severity
4.3MEDIUM
EPSS
51.6%
top 2.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
PHP PHPRedhat Linux
Timeline
PublishedJul 24
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDphp/php4.3.1
NVDredhat/linux8.0, 9.0+1

Patches

Patch: shh.thathost.comPatch: www.redhat.comPatch: shh.thathost.com

🔴Vulnerability Details

2
GHSA
GHSA-xx7m-rfgv-w2gg: Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 42022-04-29
CVEList
CVE-2003-0442: Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 42003-06-20

💥Exploits & PoCs

1
Exploit-DB
PHP 4.x - Transparent Session ID Cross-Site Scripting2003-05-30

📋Vendor Advisories

1
Red Hat
security flaw2003-05-11

💬Community

1
Bugzilla
CVE-2003-0442 security flaw2018-08-16
CVE-2003-0442 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io