Cross-Site Scripting Vulnerability in Zend Server by Zend Technologies
CVE-2018-10230

6.1 MEDIUM

Key Information:

Vendor: Zend
CVE Published: 19 April 2018

What is CVE-2018-10230?

Zend Server prior to version 9.1.3 is susceptible to a cross-site scripting (XSS) vulnerability due to improper sanitization of user input. This flaw allows unauthenticated attackers to execute arbitrary JavaScript in the context of the user’s session, potentially leading to data theft, session hijacking, or redirecting users to malicious sites. It is essential for administrators to upgrade to the latest version of Zend Server to mitigate this risk and enhance the security posture of their applications.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
