PHPReactor Style Attribute HTML Injection Vulnerability


Vulnerability ID: 1106943
Vulnerability type: Cross-site scripting
Published: 2002-08-24
Updated: 2002-12-31
CVE ID: CVE-2002-2424
CNNVD-ID: CNNVD-200212-779
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/21755
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-779
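|Vulnerability details
php(Reactor) 1.2.7PL1 contains a cross-site scripting vulnerability. A remote attacker can inject arbitrary web script or HTML via JavaScript placed in the style attribute of an HTML tag.
|Exploit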
source: http://www.securityfocus.com/bid/5569/info

php(Reactor) does not sufficiently sanitize HTML from various fields (such as in the body of a message or in profile fields). It is possible to inject arbitrary HTML and script code into these fields.

An attacker may potentially exploit this situation to cause arbitrary HTML and script code to execute in the web client of a user of a vulnerable website. The attacker-supplied code will execute in the context of the vulnerable website. 

<b style="expression(alert(document.cookie))">
|References

Source: BID
Name: 5569
Link: http://www.securityfocus.com/bid/5569
Source: XF
Name: phpreactor-style-xss(9958)
Link: http://www.iss.net/security_center/static/9958.php
Source: BUGTRAQ
Name: 20020824 phpReactor - Cross-Site Scripting via STYLE
Link: http://archives.neohapsis.com/archives/bugtraq/2002-08/0262.html
