Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

php-ZendFramework: multiple vulnerabilities

Package(s):

php-ZendFramework

CVE #(s):

Created:

January 18, 2010

Updated:

January 20, 2010

Description:

From the Zend Framework release notes for 1.97:

The following security vulnerabilities are resolved in these releases:

ZF2010-06: Potential XSS or HTML Injection vector in Zend_Json
ZF2010-05: Potential XSS vector in Zend_Service_ReCaptcha_MailHide
ZF2010-04: Potential MIME-type Injection in Zend_File_Transfer
ZF2010-03: Potential XSS vector in Zend_Filter_StripTags when comments allowed
ZF2010-02: Potential XSS vector in Zend_Dojo_View_Helper_Editor
ZF2010-01: Potential XSS vectors due to inconsistent encodings

Alerts:

Fedora	FEDORA-2010-0652	2010-01-15
Fedora	FEDORA-2010-0601	2010-01-15

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds