GitHub Advisory Database: GHSA-J543-VG33-G6VJ
Jun 07, 2024 - 9:11 p.m.

ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`

2024-06-07 21:11:29
CWE-79
Source: GitHub Advisory Database (github.com)
Tags: zendframework, potential, xss, security risk, rich text editor

AI Score: 7.1 High (Confidence: High)

Zend_Dojo_View_Helper_Editor was incorrectly decorating a TEXTAREA instead of a DIV. The Dojo team has reported that this has security implications as the rich text editor they use is unable to escape content for a TEXTAREA.

Affected configurations

Source: Vulners
Node: zendframework zendframework1, Range <1.9.7
OR
Node: zendframework zendframework1, Range <1.8.5
OR
Node: zendframework zendframework1, Range <1.7.9
