Php · Php · CVE-2003-0442
Name of the Vulnerable Software and Affected Versions:
PHP versions prior to 4.3.2
Description:
The issue is a cross-site scripting (XSS) flaw in PHP's transparent session ID support (the `session.use_trans_sid` feature). When this feature is enabled, PHP rewrites links and forms in its output so that they carry the session ID, and versions before 4.3.2 reuse the incoming `PHPSESSID` value without validating it. A remote attacker can therefore craft a URL whose `PHPSESSID` parameter contains script; when a victim follows that link, the unvalidated value is reflected into the page and the script runs in the victim's browser in the context of the vulnerable site, leading to a loss of integrity.
Recommendations:
For PHP versions prior to 4.3.2, update to version 4.3.2 or later, which addresses the flaw. If upgrading is not immediately possible, disable transparent SID support by setting `session.use_trans_sid = 0` in php.ini, so that the session ID is never rewritten into page output; on 4.3.0 and 4.3.1, also set `session.use_only_cookies = 1` so that a `PHPSESSID` supplied in the URL or request body is ignored entirely. Applications can additionally reject any incoming `PHPSESSID` value that contains characters other than those PHP itself generates before calling `session_start()`, and must never concatenate the raw parameter into HTML.
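The following is an added example for this advisory, not code from the PHP project or from the original page. It reproduces the unsafe pattern at application level (the raw `PHPSESSID` request value concatenated into markup), then shows a hardened session start that whitelists well-formed session IDs before `session_start()`, an escaped link builder, and the php.ini workaround described above. It assumes the application uses PHP's default session name (`PHPSESSID`) and that valid session IDs consist only of alphanumerics, `-` and `,`; the helper names `vulnerable_link`, `session_id_is_valid`, `start_session_safely` and `safe_link` are hypothetical.

```php
<?php
// Added example for this advisory; it is not code from the PHP project.
// Assumptions: the application uses PHP's default session name (PHPSESSID),
// and a legitimate session ID contains only alphanumerics, '-' and ','
// (the whitelist enforced below).

// --- The hazard, reproduced at application level ----------------------------
// With session.use_trans_sid = 1, PHP rewrites URLs in its output to carry the
// session ID. Before 4.3.2 the value taken from the request was reused as-is,
// so a request such as   page.php?PHPSESSID="><script>alert(1)</script>
// ended up inside the emitted markup. This helper makes the same mistake by
// hand: the raw request value is concatenated into HTML without escaping.
function vulnerable_link($target, $params) {
    return '<a href="' . $target . '?PHPSESSID=' . $params['PHPSESSID'] . '">next</a>';
}

// --- Hardened replacement ---------------------------------------------------
// Accept only session IDs that look like ones PHP would have generated.
function session_id_is_valid($id) {
    return is_string($id) && preg_match('/^[A-Za-z0-9,-]{1,128}$/', $id) === 1;
}

// Use this instead of a bare session_start(): a malformed ID is discarded and
// replaced before PHP can store or reflect it anywhere.
function start_session_safely() {
    $name = session_name();          // "PHPSESSID" unless reconfigured
    $candidate = null;
    if (isset($_COOKIE[$name])) {
        $candidate = $_COOKIE[$name];
    } elseif (isset($_GET[$name])) {
        $candidate = $_GET[$name];
    } elseif (isset($_POST[$name])) {
        $candidate = $_POST[$name];
    }
    if ($candidate !== null && !session_id_is_valid($candidate)) {
        unset($_GET[$name], $_POST[$name], $_COOKIE[$name]);
        // Force a fresh, well-formed ID so the tainted one is never reused.
        session_id(md5(uniqid(mt_rand(), true)));
    }
    session_start();
}

// If a URL really must carry the session ID, build it from the value PHP
// holds after session_start() (already validated) and HTML-escape the result.
function safe_link($target) {
    $url = $target . '?' . session_name() . '=' . session_id();
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES) . '">next</a>';
}

// --- Configuration workaround for hosts that cannot upgrade yet -------------
// In php.ini:
//   session.use_trans_sid    = 0   ; never rewrite the session ID into output
//   session.use_only_cookies = 1   ; PHP 4.3.0+: ignore PHPSESSID in GET/POST
// On 4.3.0 and later the same directives can be set per script, before
// session_start():
ini_set('session.use_trans_sid', '0');
ini_set('session.use_only_cookies', '1');

start_session_safely();
echo safe_link('next.php');
```

The whitelist check is deliberately stricter than escaping alone: a session ID that fails it has no legitimate origin, so discarding it and issuing a fresh one costs the user nothing, whereas escaping a hostile value would still let an attacker choose the victim's session ID.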