CVE-2015-1039
CVE-2015-1039 affects ZF-Commons ZfcUser before 1.2.2, in which the login redirect parameter (redirect) is vulnerable to XSS via user/login.phtml. The root cause is missing escaping of the URL parameter, allowing an attacker to inject arbitrary script/HTML. Public references (GHSA/FriendsofPHP ad...