Potential Risk of CVE

CVE-2018-17082 – PHP Apache2 Component Transfer-Encoding – chunked Request Cross-Site Scripting Vulnerability

XSS vulnerabilities looks common in application world. But do not contempt this issue. A vulnerability in the php_handler function of PHP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.

XSS attack has different ways. For instance XSS callback,…etc

PHP has confirmed the vulnerability and released software updates.

http://php.net/ChangeLog-5.php