CVE-2025-43717

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-43717

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43717.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-43717

Aliases

GHSA-w7gh-f2fm-9q8r

Published

2025-04-17T03:15:16Z

Modified

2025-04-18T03:14:18.766980Z

Summary

[none]

Details

In PEAR HTTPRequest2 before 2.7.0, multiple files in the tests directory, notably tests/network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS.

References

Affected packages

Git / github.com/pear/http_request2

Affected ranges

Type: GIT
Repo: https://github.com/pear/http_request2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

07925aa77e441dba0ff0fa973a09802729cb838f

Fixed

265e05f9e08a28a38a57219516a8e4e2dfdbb147

Affected versions

v2.*

v2.2.0

v2.2.1

v2.3.0

v2.4.0

v2.4.1

v2.4.2

v2.5.0

v2.5.1

v2.6.0