CVE-2012-4451

Published: Jan 3, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.

Affected (4)

Products: Zend: Zend Framework · Fedoraproject: Fedora · Redhat: Enterprise Linux

1 product

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zend Zend Framework	Before 2.0.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 16
Fedoraproject Fedora	Version 17
Redhat Enterprise Linux	Version 6.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

http://framework.zend.com/security/advisory/ZF2012-03

Source: secalert@redhat.com

Vendor Advisory

http://seclists.org/oss-sec/2012/q3/571

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://seclists.org/oss-sec/2012/q3/573

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/55636

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://bugs.gentoo.org/show_bug.cgi?id=436210

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=860738

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733

Source: secalert@redhat.com

PatchThird Party Advisory

http://framework.zend.com/security/advisory/ZF2012-03

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://seclists.org/oss-sec/2012/q3/571

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://seclists.org/oss-sec/2012/q3/573

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/55636

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.gentoo.org/show_bug.cgi?id=436210

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=860738

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.