FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Zend Framework -- multiple vulnerabilities

Affected packages
ZendFramework < 1.9.7

Details

VuXML ID c9263916-006f-11df-94cb-0050568452ac
Discovery 2009-12-31
Entry 2010-01-11

The Zend Framework team reports:

Potential XSS or HTML Injection vector in Zend_Json.

[source]

Potential XSS vector in Zend_Service_ReCaptcha_MailHide.

[source]

Potential MIME-type Injection in Zend_File_Transfer Executive Summary.

[source]

Potential XSS vector in Zend_Filter_StripTags when comments allowed.

[source]

Potential XSS vector in Zend_Dojo_View_Helper_Editor.

[source]

Potential XSS vectors due to inconsistent encodings.

[source]

XSS vector in Zend_Filter_StripTags.

[source]

LFI vector in Zend_View::setScriptPath() and render().

[source]

References

URL http://framework.zend.com/security/advisory/ZF2009-01
URL http://framework.zend.com/security/advisory/ZF2009-02
URL http://framework.zend.com/security/advisory/ZF2010-01
URL http://framework.zend.com/security/advisory/ZF2010-02
URL http://framework.zend.com/security/advisory/ZF2010-03
URL http://framework.zend.com/security/advisory/ZF2010-04
URL http://framework.zend.com/security/advisory/ZF2010-05
URL http://framework.zend.com/security/advisory/ZF2010-06

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.