Veracode Vulnerability Database, VERACODE:47651
Jun 19, 2024 - 10:55 a.m.

Cross-site Scripting (XSS)

2024-06-19 10:55:24
sca.analysiscenter.veracode.com
Tags: cross-site scripting, xss, zendframework/zend-view, html attributes, javascript

AI Score: 5.5 Medium (Confidence: High)

zendframework/zend-view is vulnerable to cross-site scripting (XSS). The vulnerability is due to many view helpers using escapeHtml() instead of the more appropriate escapeHtmlAttr() for escaping HTML attributes, which can lead to potential XSS attack vectors when user data and/or JavaScript is used to seed attributes.
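
The difference between the two escaping contexts, as an added example that is not code from zend-view or from the advisory: `escape_html()` and `escape_html_attr()` are simplified stand-ins for the two escapers named above, and `render_input()` is a hypothetical helper. It assumes PHP 7.4+ with the mbstring and dom extensions, and an unquoted attribute chosen to make the gap visible.

```php
<?php
// Added illustration; these two functions are stand-ins, not zend-view code.

// HTML-body escaping: only & < > " ' are encoded.
function escape_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Attribute escaping (simplified): every character outside
// [A-Za-z0-9,._-] becomes a hexadecimal character reference.
function escape_html_attr(string $s): string {
    $out = preg_replace_callback(
        '/[^A-Za-z0-9,._-]/u',
        fn (array $m): string => sprintf('&#x%02X;', mb_ord($m[0], 'UTF-8')),
        $s
    );
    if ($out === null) {
        throw new InvalidArgumentException('value is not valid UTF-8');
    }
    return $out;
}

// Hypothetical helper that emits an unquoted attribute, the context where
// whitespace ends the value and the choice of escaper matters most.
function render_input(callable $escape, string $value): string {
    return '<input type=text value=' . $escape($value) . '>';
}

// Check: parse the markup and return the attribute names the parser sees.
function attribute_names(string $html): array {
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

$value = 'x data-injected=1'; // constructed input, benign marker attribute

foreach (['escape_html', 'escape_html_attr'] as $escaper) {
    $html = render_input($escaper, $value);
    echo $escaper, ': ', $html, ' => ', implode(', ', attribute_names($html)), "\n";
}
```

With body escaping the space and `=` pass through unchanged, so the parser reports an attribute the template never declared; with attribute escaping both characters are encoded and the value stays inside `value`.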