Multiple Cross-Site Scripting Vulnerabilities in Zend Framework by Zend Technologies
CVE-2012-4451

6.1MEDIUM

Key Information:

Vendor

Zend Technologies

Status
Zend Framework
Vendor
CVE Published:
3 January 2020
đź”” Create Zend Technologies Vulnerability Alert

What is CVE-2012-4451?

Multiple cross-site scripting vulnerabilities exist in the Zend Framework version 2.0.x, allowing remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities affect various components such as Debug, Feed PubSubHubbub, Log Formatter Xml, Tag Cloud Decorator, Uri, and several View Helpers. Attackers can exploit these vulnerabilities through unspecified user input, potentially leading to unauthorized actions on behalf of users or compromise of sensitive data.

Affected Version(s)

Zend Framework 2.0.x before 2.0.1

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10
x_refsource_MISC
https://bugs.gentoo.org/show_bug.cgi?id=436210
x_refsource_MISC
http://seclists.org/oss-sec/2012/q3/571
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.