zendframework/zend-view is vulnerable to cross-site scripting (XSS). The vulnerability is due to many view helpers using escapeHtml() instead of the more appropriate escapeHtmlAttr() for escaping HTML attributes, which can lead to potential XSS attack vectors when user data and/or JavaScript is used to seed attributes.