VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jul 27, 2004· Updated Apr 16, 2026

CVE-2004-0595

CVE-2004-0595

Description

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Affected products

38
  • Avaya/Integrated Management
    cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*
  • PHP/PHP25 versions
    cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*+ 24 more
    • cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
  • Avaya/Converged Communications Server
    cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*
  • Avaya/S83002 versions
    cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*
  • Avaya/S85002 versions
    cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*
  • Avaya/S87002 versions
    cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*
  • Red Hat/Fedora Core2 versions
    cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • Trustix/Secure Linux3 versions
    cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

18

News mentions

0

No linked articles in our index yet.