Zend_Json_Encoder
was not taking into account the solidus character (/) during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON string.
CPE | Name | Operator | Version |
---|---|---|---|
zendframework/zendframework1 | lt | 1.9.7 | |
zendframework/zendframework1 | lt | 1.8.5 | |
zendframework/zendframework1 | lt | 1.7.9 |