XSS vulnerabilities looks common in application world. But do not contempt this issue. A vulnerability in the php_handler function of PHP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
XSS attack has different ways. For instance XSS callback,…etc
PHP has confirmed the vulnerability and released software updates.