Fedora Account System
Red Hat Associate
Red Hat Customer
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing the PHP-FPM status page.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:22143 https://access.redhat.com/errata/RHSA-2026:22143
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:22142 https://access.redhat.com/errata/RHSA-2026:22142
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:22305 https://access.redhat.com/errata/RHSA-2026:22305
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:22649 https://access.redhat.com/errata/RHSA-2026:22649
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:23388 https://access.redhat.com/errata/RHSA-2026:23388
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:33449 https://access.redhat.com/errata/RHSA-2026:33449
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:34354 https://access.redhat.com/errata/RHSA-2026:34354