Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Zend Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27888 1 Zend 1 Zendto 2021-03-09 4.3 MEDIUM 6.1 MEDIUM
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.
CVE-2015-3154 1 Zend 1 Zend Framework 2020-01-30 4.3 MEDIUM 6.1 MEDIUM
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2012-4451 3 Fedoraproject, Redhat, Zend 3 Fedora, Enterprise Linux, Zend Framework 2020-01-14 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
CVE-2014-4913 2 Debian, Zend 2 Debian Linux, Zend Framework 2019-12-19 4.3 MEDIUM 6.1 MEDIUM
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
CVE-2018-1000841 1 Zend 1 Zendto 2019-02-04 4.3 MEDIUM 6.1 MEDIUM
Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta.
CVE-2018-10230 1 Zend 1 Zend Server 2018-05-21 4.3 MEDIUM 6.1 MEDIUM
Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
CVE-2015-3257 1 Zend 1 Diactoros 2017-08-29 4.3 MEDIUM 6.1 MEDIUM
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.