CVE-2007-1454

Name of the Vulnerable Software and Affected Versions PHP version 5.2.0

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks. This is possible because the ext/filter in PHP does not properly strip HTML tags when FILTER SANITIZE STRING is used with the FILTER FLAG STRIP LOW flag, specifically with HTML containing a '<' character followed by certain whitespace characters. This can lead to a situation where the filter passes the input but it is collapsed into a valid tag, thus enabling the XSS attack.

Recommendations For PHP version 5.2.0, consider disabling the use of FILTER SANITIZE STRING with the FILTER FLAG STRIP LOW flag until a proper fix is available, or apply alternative sanitization methods to prevent XSS attacks.