Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, improper sanitization of user data allows an attacker to craft a URL that causes arbitrary JavaScript code to execute (XSS) on the target's machine when the target views the PHP-FPM status page.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
 Platform | | Affected versions | Fixed version |
 debian 13 | | =8.4.11-1 || =8.4.16-1 || =8.4.16-1~deb13u1 || =8.4.20-1 || >=0 <8.4.21-1~deb13u1 | 8.4.21-1~deb13u1 |
 debian 11 | | =7.4.21-1+deb11u1 || =7.4.25-1+deb11u1 || =7.4.26-1 || =7.4.28-1+deb11u1 || =7.4.30-1+deb11u1 || =7.4.33-1+deb11u1 || =7.4.33-1+deb11u10 || =7.4.33-1+deb11u3 || =7.4.33-1+deb11u4 || =7.4.33-1+deb11u5 || =7.4.33-1+deb11u6 || =7.4.33-1+deb11u7 || =7.4.33-1+deb11u8 || =7.4.33-1+deb11u9 || >=0 <7.4.33-1+deb11u11 | 7.4.33-1+deb11u11 |
 debian 12 | | =8.2.10-1 || =8.2.10-2 || =8.2.12-1 || =8.2.16-1 || =8.2.16-2 || =8.2.17-1 || =8.2.18-1 || =8.2.18-1~deb12u1 || =8.2.20-1~deb12u1 || =8.2.20-2 || =8.2.20-3 || =8.2.21-1 || =8.2.23-1 || =8.2.24-1 || =8.2.24-1~deb12u1 || =8.2.26-1~deb12u1 || =8.2.26-4 || =8.2.27-1 || =8.2.28-1~deb12u1 || =8.2.29-1~deb12u1 || =8.2.30-1~deb12u1 || =8.2.5-2 || =8.2.7-1 || =8.2.7-1.1 || =8.2.7-1.2 || =8.2.7-1~deb12u1 || >=0 <8.2.31-1~deb12u1 | 8.2.31-1~deb12u1 |
 debian 14 | | =8.4.11-1 || =8.4.16-1 || =8.4.16-1~deb13u1 || =8.4.20-1 || =8.4.21-1~deb13u1 || >=0 <8.4.21-1 | 8.4.21-1 |
 rpm rhel9 | | - | - |
 rpm rhel10 | | | 0:8.3.31-1.el10_2 |
 rpm rhel7 | | - | - |
 rpm rhel6 | | - | - |
 rpm rhel8 | | - | - |
 rpm rhel10 | | | 0:8.4.21-1.el10_2 |