CVE-2012-4451

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
References
Link Resource
http://framework.zend.com/security/advisory/ZF2012-03 Vendor Advisory
http://seclists.org/oss-sec/2012/q3/571 Mailing List Patch Third Party Advisory
http://seclists.org/oss-sec/2012/q3/573 Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/55636 Third Party Advisory VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10 Mailing List Third Party Advisory
https://bugs.gentoo.org/show_bug.cgi?id=436210 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=860738 Issue Tracking Patch Third Party Advisory
https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733 Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-01-03 17:15

Updated : 2023-12-10 13:13


NVD link : CVE-2012-4451

Mitre link : CVE-2012-4451

CVE.ORG link : CVE-2012-4451


JSON object : View

Products Affected

fedoraproject

  • fedora

zend

  • zend_framework

redhat

  • enterprise_linux
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')