Cross-Site Scripting Vulnerability in Zend Framework by Zend Technologies
CVE-2015-3257

6.1MEDIUM

Key Information:

Vendor: Zend
Status: Diactoros
Vendor: CVE Published:; 25 August 2017

What is CVE-2015-3257?

The Zend Framework in versions prior to 1.0.4 has a security issue in the Zend/Diactoros/Uri::filterPath method. This flaw fails to properly sanitize user input for paths, enabling remote attackers to exploit this weakness. Such exploitation can result in cross-site scripting (XSS) vulnerabilities and open redirect attacks, making it critical for developers to upgrade to the corrected version to safeguard their applications.

References

https://framework.zend.com/security/advisory/ZF2015-05

x_refsource_CONFIRM

http://www.securityfocus.com/bid/75466

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2017
Vulnerability Reserved
Apr 10, 2015