CVE-2012-4451
Published 2020-01-03
CVE-2012-4451: Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via…
Priority P4 · 24 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.37% (68.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| redhat | enterprise_linux | — | — |
| zend | zend_framework | < 2.0.1 | 2.0.1 |
| zend_technologies | zend_framework | — | — |
CVSS provenance
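| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |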
GHSA
GHSA-3rph-pvh6-rj33: Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2
ghsa_unreviewed·2022-04-23
OSV
CVE-2012-4451: Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2
osv·2020-01-03·CVSS 6.1
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4451 php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03) [fedora-all]
bugzilla·2012-09-26·CVSS 6.1
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject
Bugzilla
CVE-2012-4451 php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03) [epel-6]
bugzilla·2012-09-26·CVSS 6.1
Bugzilla
CVE-2012-4451 php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03)
bugzilla·2012-09-26·CVSS 6.1
Multiple possibilities for cross-site scripting (XSS) flaws were corrected in the upstream 2.0.1 version of Zend Framework:
[1] http://framework.zend.com/blog/zend-framework-2-0-1-released.html
More from upstream advisory - [2] http://framework.zend.com/security/advisory/ZF2012-03:
Zend\Debug, Zend\Feed\PubSubHubbub, Zend\Log\Formatter\Xml, Zend\Tag\Cloud\Decorator, Zend\Uri, Zend\View\Helper\HeadStyle, Zend\View\Helper\Navigation\Sitemap, and Zend\View\Helper\Placeholder\Container\AbstractStandalone were not using Zend\Escaper when escaping HTML, HTML attributes, and/or URLs. While most were performing some escaping, because they were not using context-appropriate escaping mechanisms, they could
References
http://framework.zend.com/security/advisory/ZF2012-03
http://seclists.org/oss-sec/2012/q3/571
http://seclists.org/oss-sec/2012/q3/573
http://www.securityfocus.com/bid/55636
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10
https://bugs.gentoo.org/show_bug.cgi?id=436210
https://bugzilla.redhat.com/show_bug.cgi?id=860738
https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733
Published: 2020-01-03