http://www.php-security.org/MOPB/MOPB-08-2007.html details a XSS vulnerability. I have found this to exist in all stable version of PHP in Gentoo. I've found the following packages effected by this: www-apps/phpwebsite (Upstream dealing with issue now) www-apps/phpmyadmin (Patched in cvs) www-apps/gallery www-apps/mediawiki There are probably others, but I haven't installed all of these to see. Reproducible: Always
*** This bug has been marked as a duplicate of bug 169372 ***