First published: Thu Sep 27 2012
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/zendframework | | |
Zend Zend Framework | <2.0.1 | |
Fedoraproject Fedora | =16 | |
Fedoraproject Fedora | =17 | |
Redhat Enterprise Linux | =6.0 | |
The severity of CVE-2012-4451 is rated as medium with a score of 6.1.
To fix CVE-2012-4451, upgrade to Zend Framework version 2.0.1 or later.
CVE-2012-4451 allows remote attackers to inject arbitrary web script or HTML through multiple entry points.
CVE-2012-4451 affects Zend Framework versions prior to 2.0.1.
CVE-2012-4451 involves multiple cross-site scripting (XSS) vulnerabilities.