VYPR
Unrated severityNVD Advisory· Published Jul 27, 2004· Updated Jun 16, 2026

CVE-2004-0595

CVE-2004-0595

Description

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

39
  • cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*
  • PHP/PHP25 versions
    cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*+ 24 more
    • cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
  • cpe:2.3:h:avaya:converged_communications_server:2.0:*:*:*:*:*:*:*
  • Avaya/S83002 versions
    cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:avaya:s8300:r2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:h:avaya:s8300:r2.0.1:*:*:*:*:*:*:*
  • Avaya/S85002 versions
    cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:avaya:s8500:r2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:h:avaya:s8500:r2.0.1:*:*:*:*:*:*:*
  • Avaya/S87002 versions
    cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:avaya:s8700:r2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:h:avaya:s8700:r2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • Range: 4.x <=4.3.7, 5.x <=5.0.0RC3

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.