CVE-2014-4913Cross-site Scripting in Framework

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 35.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Zend FrameworkZendframeworkDebian Linux
Timeline
PublishedDec 15
Latest updateMay 17

Description

ZF2014-03 has a potential cross site scripting vector in multiple view helpers

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDzend/zend_framework2.3.02.3.1+1
CVEListV5zendframework/zendframeworkFixed: Zend Framework 2.2.7, Zend Framework 2.3.1+1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

2
GHSA
GHSA-cj7x-pmqr-fc9p: ZF2014-03 has a potential cross site scripting vector in multiple view helpers2022-05-17
CVEList
CVE-2014-4913: ZF2014-03 has a potential cross site scripting vector in multiple view helpers2019-12-15
CVE-2014-4913 — Cross-site Scripting in Zend Framework | cvebase