The Zend Framework team reports:
Potential XSS or HTML Injection vector in Zend_Json.
Potential XSS vector in Zend_Service_ReCaptcha_MailHide.
Potential MIME-type Injection in Zend_File_Transfer Executive Summary.
Potential XSS vector in Zend_Filter_StripTags when comments allowed.
Potential XSS vector in Zend_Dojo_View_Helper_Editor.
Potential XSS vectors due to inconsistent encodings.
XSS vector in Zend_Filter_StripTags.
LFI vector in Zend_View::setScriptPath() and render().