Moriyoshi

#51389 of 53,624
4.3 Total CVSS
Vulnerabilities · 1
PT-2009-6312
4.3
2009-12-21
Php · Php · CVE-2009-4142
**Name of the Vulnerable Software and Affected Versions**

PHP versions prior to 5.2.12

**Description**

The issue concerns the htmlspecialchars function, which does not properly handle certain byte sequences, including overlong UTF-8 sequences, invalid Shift JIS sequences, and invalid EUC-JP sequences. This allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

**Recommendations**

For PHP versions prior to 5.2.12, update to version 5.2.12 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user input to minimize the risk of XSS attacks. Restrict the use of special characters in user input until the issue is resolved.
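The workaround above (validate input before escaping) can be made concrete. The following is an added example, not code from the dbugs page or from the PHP project: it checks that untrusted text is well-formed in the declared charset before handing it to htmlspecialchars, and always passes the charset explicitly rather than relying on the default. The helper name `escape_html_strict` is hypothetical, the sample inputs are constructed, and the code assumes the mbstring extension is available.

```php
<?php
// Added example (not from the advisory or the PHP project): escape untrusted
// text for HTML output without depending on htmlspecialchars() quietly
// accepting malformed multibyte input.

// Hypothetical helper. Assumes the mbstring extension is loaded.
function escape_html_strict(string $input, string $charset = 'UTF-8'): string
{
    // mb_check_encoding() returns false for overlong and otherwise invalid
    // sequences, which is the input class this advisory is about.
    if (!mb_check_encoding($input, $charset)) {
        // Policy choice: fail closed. An alternative on PHP >= 5.4 is to pass
        // ENT_SUBSTITUTE so bad bytes become U+FFFD instead of aborting.
        throw new InvalidArgumentException('Input is not valid ' . $charset);
    }
    // Always state the charset explicitly; ENT_QUOTES escapes both quote styles.
    return htmlspecialchars($input, ENT_QUOTES, $charset);
}

// Constructed sample inputs.
$clean    = 'Tom & "Jerry" <script>';
$overlong = "\xC0\xAF" . 'rest of the string';  // constructed: overlong encoding of '/'

echo escape_html_strict($clean), PHP_EOL;

try {
    echo escape_html_strict($overlong), PHP_EOL;
} catch (InvalidArgumentException $e) {
    // Log and reject rather than render; the caller decides what to show the user.
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The explicit check makes a malformed-encoding failure visible in logs instead of silent, and the explicit charset argument removes any dependence on the runtime's default encoding, which is the condition the fix in 5.2.12 addresses.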