BIT-libphp-2026-6735
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/libphp/BIT-libphp-2026-6735.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-libphp-2026-6735
- Aliases
-
- BIT-php-2026-6735
- BIT-php-min-2026-6735
- CVE-2026-6735
- Published
- 2026-05-12T08:50:23.891Z
- Modified
- 2026-05-12T10:56:37.156496723Z
- Summary
- XSS within PHP-FPM status endpoint
- Details
-
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing the PHP-FPM status page.
- Database specific
{ "severity": "High", "cpes": [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" ] }- References
Affected packages
Bitnami / libphp
Package
- Name
- libphp
- Purl
- pkg:bitnami/libphp
Severity
- 7.3 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:L/U:Amber CVSS Calculator