Cross-site Scripting Vulnerability in Zend Framework Preview
CVE-2006-5900

Currently unrated

Key Information:

Vendor: Zend
Status: Zend Framework Preview
Vendor: CVE Published:; 15 November 2006

What is CVE-2006-5900?

The vulnerability in Zend Framework Preview 0.2.0 is a cross-site scripting (XSS) issue found in the sample code located at incubator/tests/Zend/Http/_files/testRedirections.php. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the application via various parameters, potentially compromising user interactions with the web application. Exploiting this vulnerability could lead to session hijacking or the execution of harmful scripts in the context of the victim's browser.

References

http://securityreason.com/securityalert/1863

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/450707/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.armorize.com/resources/vulnerDetail.php?cve_na...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2006
Vulnerability Reserved
Nov 15, 2006