← volver
CVE-2012-4451

CVE-2012-4451

EPSS 1.4%
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
Productos afectados
Zend Technologies · Zend Framework

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://framework.zend.com/security/advisory/ZF2012-03https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10https://bugs.gentoo.org/show_bug.cgi?id=436210https://bugzilla.redhat.com/show_bug.cgi?id=860738http://seclists.org/oss-sec/2012/q3/571http://seclists.org/oss-sec/2012/q3/573https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733http://www.securityfocus.com/bid/55636