logo

Database

Reflected cross-site scripting (XSS) In zendframework/zendframework1

Description

Zendframework potential Cross-site Scripting vector in Zend_Service_ReCaptcha_MailHide Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially crafted multibyte string as an attack via the CAPTCHA's email argument

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-4v57-pwvf-x35j

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2010-05.yaml2. https://web.archive.org/web/20210411002217/https://framework.zend.com/security/advisory/ZF2010-05

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.