Vulnerability Bulletins

MSA-23-0007: Algebra filter XSS when filter is misconfigured

System information

Affected software PHP


di Michael Hawkins. If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.Severity/Risk:MinorVersions affected:4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versionsVersions fixed:4.1.2, 4.0.7, 3.11.13 and 3.9.20Reported by:Petr SkodaWorkaround:Ensure that if the algebra filter is enabled, it is correctly configured and functional (otherwise, ensure it is disabled).CVE

More info:

Standar resources

Property Value
CVE CVE-2023-28332.

Version history

Version Comments Date
1.0 Advisory issued 2023-04-28
Ministerio de Defensa
Presidencia española. Consejo de la Unión Europea