Security
Headlines

Headlines Latest CVEs

Headline

GHSA-gvpp-6jrj-5pqc: Zend-Form vulnerable to Cross-site Scripting

Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack vectors.

Vulnerable view helpers include:

All Zend\Form view helpers.
Most Zend\Navigation (aka Zend\View\Helper\Navigation\*) view helpers.
All “HTML Element” view helpers: htmlFlash(), htmlPage(), htmlQuickTime().
Zend\View\Helper\Gravatar

1 year ago

#xss #git #java

Zend-Form vulnerable to Cross-site Scripting

Moderate severity GitHub Reviewed Published Jun 7, 2024 to the GitHub Advisory Database • Updated Jun 7, 2024

ghsa: Latest News

GHSA-vfpf-xmwh-8m65: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

2 days ago

GHSA-f83h-ghpp-7wcc: Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc

2 days ago

GHSA-wf5f-4jwr-ppcp: Arbitrary Code Execution in pdfminer.six via Crafted PDF Input

2 days ago

GHSA-46xp-26xh-hpqh: KubeVirt Vulnerable to Arbitrary Host File Read and Write

2 days ago

GHSA-vm2f-46xc-5jc3: AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64

2 days ago