Lucene search

K

GoogleOSV:GHSA-J543-VG33-G6VJ

HistoryJun 07, 2024 - 9:11 p.m.

ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`

2024-06-0721:11:29

Google

osv.dev

zendframework

cross-site scripting

zend_dojo_view_helper_editor

security implications

rich text editor

7.1 High

AI Score

Confidence

High

Zend_Dojo_View_Helper_Editor was incorrectly decorating a TEXTAREA instead of a DIV. The Dojo team has reported that this has security implications as the rich text editor they use is unable to escape content for a TEXTAREA.

References

framework.zend.com/security/advisory/ZF2010-02

github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2010-02.yaml

github.com/zendframework/zf1

7.1 High

AI Score

Confidence

High