CVE-2012-4451: Cross-site Scripting in Zend Framework

Severity: 6.1 MEDIUM (NVD)
EPSS: 1.8% (top 17.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 3; latest update Apr 23

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

NVD: zend/zend_framework < 2.0.1
CVEListV5: zend_technologies/zend_framework 2.0.x before 2.0.1

Also affects: Fedora 16, 17, Enterprise Linux 6.0

🔴 Vulnerability Details (3)

GHSA: GHSA-3rph-pvh6-rj33: Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2 (2022-04-23)
CVEList: CVE-2012-4451: Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2 (2020-01-03)
OSV: CVE-2012-4451: Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2 (2020-01-03)

💬 Community (3)

Bugzilla: CVE-2012-4451 php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03) [fedora-all] (2012-09-26)
Bugzilla: CVE-2012-4451 php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03) [epel-6] (2012-09-26)
Bugzilla: CVE-2012-4451 php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03) (2012-09-26)
CVE-2012-4451 — Cross-site Scripting in Zend Framework | cvebase