PHP 5.6.x < 5.6.38 Transfer-Encoding Parameter XSS Vulnerability
Medium Nessus Plugin ID 117497
SynopsisThe version of PHP running on the remote web server is affected by a cross-site scripting Vulnerability.
DescriptionAccording to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.38. It is, therefore, affected by a cross-site scripting vulnerability. An attacker could leverage this vulnerability to inject malicious code which executes within the security context of the affected site.
SolutionUpgrade to PHP version 5.6.38 or later.