PHP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-6735

In PHP versions 8.2. before 8.2.31 8.3. before 8.3.31 8.4. before 8.4.21 8.5. before 8.5.6 due to improper sanitation of user data itallows an attacker to compose an URL which will cause the target to execute arbitrary JavaScript code (XSS) on the target39s machine when the target is viewing thePHP-FPM status page.