GHSA-ww6p-q26w-fr6m: phpxmlrpc/extra XSS in class documenting_xmlrpc_server

May 20, 2024

Versions preceding 0.6.1 of the phpxmlrpc/extras project are susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability exists within the class documenting_xmlrpc_server when processing the GET methodName parameter.

References

github.com/FriendsOfPHP/security-advisories/blob/master/phpxmlrpc/extras/2017-10-29.yaml
github.com/advisories/GHSA-ww6p-q26w-fr6m
github.com/gggeek/phpxmlrpc-extras
github.com/gggeek/phpxmlrpc-extras/commit/65c336e3def9ce71b3e799104d3a6ad15668ddb0
github.com/gggeek/phpxmlrpc-extras/releases/tag/0.6.1

Code Behaviors & Features

Detect and mitigate GHSA-ww6p-q26w-fr6m with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →