First published: Sun Dec 15 2019(Updated: )
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/zendframework | ||
Zend Zend Framework | <2.2.7 | |
Zend Zend Framework | >=2.3.0<2.3.1 | |
Debian Debian Linux | =8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-4913 is a vulnerability in Zend Framework 2.2.7 to 2.3.1 that allows for potential cross-site scripting attacks in multiple view helpers.
CVE-2014-4913 has a severity rating of medium with a CVSS score of 6.1.
Zend Framework versions 2.2.7 to 2.3.1 and Debian Linux 8.0 are affected by CVE-2014-4913.
More information about CVE-2014-4913 can be found at the following references: http://framework.zend.com/security/advisory/ZF2014-03, https://security-tracker.debian.org/tracker/CVE-2014-4913, http://www.openwall.com/lists/oss-security/2014/07/11/4
To fix CVE-2014-4913, upgrade to a version of Zend Framework beyond 2.3.1 or apply the necessary patches provided by the vendor.