Описание
ZendFramework potential Cross-site Scripting vector in Zend_Dojo_View_Helper_Editor
Zend_Dojo_View_Helper_Editor was incorrectly decorating a TEXTAREA instead of a DIV. The Dojo team has reported that this has security implications as the rich text editor they use is unable to escape content for a TEXTAREA.
Пакеты
Наименование
zendframework/zendframework1
composer
Затронутые версииВерсия исправления
>= 1.7.0, < 1.7.9
1.7.9
Наименование
zendframework/zendframework1
composer
Затронутые версииВерсия исправления
>= 1.8.0, < 1.8.5
1.8.5
Наименование
zendframework/zendframework1
composer
Затронутые версииВерсия исправления
>= 1.9.0, < 1.9.7
1.9.7
6.1 Medium
CVSS3
Дефекты
CWE-79
6.1 Medium
CVSS3
Дефекты
CWE-79