PT-2004-1691 · Microsoft+2 · Internet Explorer+2

Stefan Esser · Published 2004-07-16 · Updated 2018-10-30 · CVE-2004-0595

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHP versions 4.x up to 4.3.7
PHP versions 5.x up to 5.0.0RC3

Description
The issue concerns the strip_tags function, which fails to filter null characters within tag names. As a result, dangerous tags pass through the filter and are still processed as tags by web browsers like Internet Explorer and Safari. This facilitates the exploitation of cross-site scripting (XSS) vulnerabilities.

Recommendations
For PHP versions 4.x up to 4.3.7, update to a version that fixes this issue.
For PHP versions 5.x up to 5.0.0RC3, update to a version that fixes this issue.
As a temporary workaround, consider manually filtering null characters from tag names to prevent XSS exploitation.

Related identifiers

CVE-2004-0595
DSA-531
DSA-669-1
RHSA-2004:392

Affected products

Internet Explorer
PHP
Safari