NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-6735

Summary	In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing the PHP-FPM status page.
Publication Date	May 10, 2026, 2:16 p.m.
Registration Date	May 11, 2026, 4:08 a.m.
Last Update	May 10, 2026, 2:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/php/php-src/security/advisories/GHSA-7qg2-v9fj-4mwv	security@php.net

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html