5 matches found
HTTP Multiline Header Termination Vulnerability
The package: laminas/laminas-diactoros. Diactoros is a PSR-7 HTTP Message and PSR-17 HTTP Message Factory implementation, providing HTTP request and response message representations both for making HTTP client requests and responding to HTTP requests server-side. Affected versions of Diactoros...
HTTP Host Header Attack Vulnerabilities
The package: laminas/laminas-diactoros. Diactoros is a PSR-7 HTTP Message and PSR-17 HTTP Message Factory implementation, providing HTTP request and response message representations both for making HTTP client requests and responding to HTTP requests server-side. When responding to an incoming...
Reflected XSS vectors in laminas/laminas-form
The package laminas/laminas-form contains a laminas/laminas-view view helper, formElementError, for emitting form element, fieldset, and/or form validation errors. Validation messages can contain the original input, potentially resulting in a Reflected XSS vulnerability. Affected versions...
XSS vectors in laminas-api-tools/api-tools
The package laminas-api-tools/api-tools bundles a number of JavaScript assets for purposes of providing an administration GUI and/or landing page. Some of these assets had reported XSS (cross-site scripting) vulnerabilities. Affected versions: laminas-api-tools/api-tools versions prior to 1.4.1. Acti...
XSS and RCE vectors in laminas-api-tools/api-tools-documentation-swagger
The package laminas-api-tools/api-tools-documentation-swagger bundles a number of JavaScript assets for purposes of providing API documentation. Some of these assets had reported XSS (cross-site scripting) and RCE (remote code execution) vulnerabilities. Affected versions...