GHSA-4v57-pwvf-x35j

Published: 07 Jun 2024
Source: github
Github: Reviewed
CVSS3: 6.1

Description

Zendframework potential Cross-site Scripting vector in Zend_Service_ReCaptcha_MailHide

Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Because the email address was never validated, and because its call to htmlentities() did not include the encoding argument, a malicious user aware of the issue could potentially inject a specially crafted multibyte string through the CAPTCHA's email argument.
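
The two defects named in the description (no validation of the address, htmlentities() called without an encoding argument) are shown below beside a corrected form. This is an added example, not the Zend Framework source; the function names render_email_weak and render_email_hardened are hypothetical, and the page is assumed to be served as UTF-8 with the mbstring extension available.

```php
<?php
// Added illustration; not Zend Framework code. Function names are hypothetical.

// Weak pattern from the advisory: the address is not validated and
// htmlentities() is called without flags or an encoding argument, so the
// charset used for escaping depends on the PHP version and default_charset.
function render_email_weak($email)
{
    return '<a title="' . htmlentities($email) . '">...</a>';
}

// Hardened pattern: reject input that is not valid UTF-8 or not a
// syntactically valid address, then escape with an explicit charset.
function render_email_hardened($email)
{
    // mb_check_encoding() requires the mbstring extension (assumed present).
    if (!is_string($email) || !mb_check_encoding($email, 'UTF-8')) {
        throw new InvalidArgumentException('Email is not valid UTF-8');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Email address is not well formed');
    }
    // ENT_QUOTES also encodes single quotes; the charset must match the
    // Content-Type charset the page is served with (assumed UTF-8 here).
    return '<a title="' . htmlentities($email, ENT_QUOTES, 'UTF-8') . '">...</a>';
}

// Constructed sample inputs.
$samples = array(
    'user@example.com',
    "user\xC0@example.com",   // invalid UTF-8 byte sequence
    'not-an-address"><b>',    // markup characters, not a valid address
);

foreach ($samples as $s) {
    try {
        echo render_email_hardened($s), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```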

Packages

Name: zendframework/zendframework1 (composer)
Affected versions: >= 1.7.0, < 1.7.9
Fixed version: 1.7.9

Name: zendframework/zendframework1 (composer)
Affected versions: >= 1.8.0, < 1.8.5
Fixed version: 1.8.5

Name: zendframework/zendframework1 (composer)
Affected versions: >= 1.9.0, < 1.9.7
Fixed version: 1.9.7

CVSS3: 6.1 Medium

Weaknesses: CWE-79
