CVE-2009-4142

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.2.12

Description The issue concerns the htmlspecialchars function, which does not properly handle certain sequences, including overlong UTF-8 sequences, invalid Shift JIS sequences, and invalid EUC-JP sequences. This allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

Recommendations For PHP versions prior to 5.2.12, update to version 5.2.12 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user input to minimize the risk of XSS attacks. Restrict the use of special characters in user input until the issue is resolved.