CVE-2013-4433

Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter.

Date published : 2014-03-11

http://www.securityfocus.com/bid/62928

http://pecl.php.net/package-changelog.php?package=xhprof&release=0.9.4