Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1weHFqLXhydjUtcXZqZs4AAw6i

XML-RPC for PHP's debugger vulnerable to possible XSS attack

The bundled xml-rpc debugger is susceptible to XSS attacks.

Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low.

Permalink: https://github.com/advisories/GHSA-pxqj-xrv5-qvjf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1weHFqLXhydjUtcXZqZs4AAw6i
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: almost 2 years ago


Identifiers: GHSA-pxqj-xrv5-qvjf
References: Repository: https://github.com/gggeek/phpxmlrpc
Blast Radius: 0.0

Affected Packages

packagist:phpxmlrpc/phpxmlrpc
Dependent packages: 43
Dependent repositories: 124
Downloads: 3,571,577 total
Affected Version Ranges: < 4.9.2
Fixed in: 4.9.2
All affected versions: 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.1.2, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.7.0, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.9.0, 4.9.1
All unaffected versions: 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.11.0