PHP Strip_Tags() Function Bypass Vulnerability
It is reported that it is possible to bypass PHPs strip_tags() function.
It is reported that under certain circumstances, PHPs strip_tags() function will improperly leave malformed tags in place.
This vulnerability may mean that previously presumed-safe web applications could contain multiple cross-site scripting and HTML injection vulnerabilities when viewed by Microsoft Internet Explorer or Apple Safari web browsers.
It is reported that 'magic_quotes_gpc' must be off for PHP to be vulnerable to this issue.