| Vulnerability ID | VCID-qwq5-qfwx-7fad |
| Aliases | GHSA-gwpm-pm6x-h7rj |
| Summary | ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags` |

`Zend_Filter_StripTags` is a filtering class analogous to PHP's `strip_tags()` function. In addition to stripping HTML tags and selectively keeping those provided in an allowlist, it also provides the ability to allowlist specific attributes to retain per allowlisted tag.

The reporter discovered that attributes that contained whitespace, and in particular line breaks, surrounding the attribute assignment operator would not be stripped, regardless of whether or not they were allowlisted. As an example of affected input:

```html
<!-- newlines before and/or after assignment: -->
<a href="http://framework.zend.com/issues" onclick
=
"alert('Broken'); return false;">Issues</a>
```

When passed to the following code:

```php
// only the "href" attribute is allowlisted for <a>
$filter = new Zend_Filter_StripTags(array('a' => array('href')));
$value  = $filter->filter($html);
```

the `onclick` attribute would remain, even though it was not specified in the tag's attribute allowlist. This opens a potential cross-site scripting (XSS) vector.
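The failure mode described above, modelled in Python as an added example (this is not Zend Framework's code and not the ZF2009-02 fix): a regex-based attribute filter that removes only the attributes it recognises lets an `onclick` with newlines around `=` pass straight through, while a hardened variant rebuilds each kept tag solely from attributes it parsed and found on the allowlist, so anything unrecognised is dropped. The names `SAMPLE`, `ALLOWED`, `strip_tags_naive` and `strip_tags_strict` are chosen here, and the sample input is constructed after the advisory's illustration.

```python
import re

# Constructed sample input modelled on the advisory's illustration: the allowed
# "href" plus an "onclick" whose "=" is surrounded by newlines and spaces.
SAMPLE = ('<a href="http://framework.zend.com/issues" onclick\n  = \n'
          '"alert(\'Broken\'); return false;">Issues</a>')

# Allowlist in the same shape as the advisory's example: tag -> allowed attributes.
ALLOWED = {"a": {"href"}}

# One tag: optional "/", name, raw attribute text, optional trailing "/".
TAG_RE = re.compile(r"<(/?)([A-Za-z][\w-]*)([^>]*?)(/?)>", re.S)

# Naive attribute pattern: "=" must touch both the name and the quote, so
# `onclick\n  = \n"..."` is never recognised as an attribute at all.
NAIVE_ATTR_RE = re.compile(r"""([\w-]+)=("[^"]*"|'[^']*')""", re.S)

# Hardened pattern: whitespace (including newlines) around "=" is accepted, and
# unquoted or valueless attributes are recognised too, so the filter sees every
# attribute a browser would honour.
STRICT_ATTR_RE = re.compile(
    r"""([\w-]+)\s*(?:=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?""", re.S)


def strip_tags_naive(html, allowed):
    """Model of the flawed behaviour: remove only the attributes the regex
    recognises and that are not allowlisted; unrecognised text survives."""
    def fix_tag(m):
        closing, name, attrs, selfclose = m.groups()
        name = name.lower()
        if name not in allowed:
            return ""
        def fix_attr(am):
            return am.group(0) if am.group(1).lower() in allowed[name] else ""
        kept = NAIVE_ATTR_RE.sub(fix_attr, attrs)  # leftovers pass through here
        return "<%s%s%s%s>" % (closing, name, kept, selfclose)
    return TAG_RE.sub(fix_tag, html)


def strip_tags_strict(html, allowed):
    """Hardened version: rebuild each kept tag only from attributes that were
    parsed AND allowlisted; anything not understood is dropped (fail closed)."""
    def fix_tag(m):
        closing, name, attrs, selfclose = m.groups()
        name = name.lower()
        if name not in allowed:
            return ""
        if closing:
            return "</%s>" % name
        parts = [name]
        for am in STRICT_ATTR_RE.finditer(attrs):
            attr, value = am.group(1).lower(), am.group(2)
            if attr not in allowed[name]:
                continue
            if value is None:
                parts.append(attr)
                continue
            if value[0] in "\"'":
                value = value[1:-1]
            parts.append('%s="%s"' % (attr, value.replace('"', "&quot;")))
        return "<%s%s>" % (" ".join(parts), selfclose)
    return TAG_RE.sub(fix_tag, html)


if __name__ == "__main__":
    print("naive :", strip_tags_naive(SAMPLE, ALLOWED))
    print("strict:", strip_tags_strict(SAMPLE, ALLOWED))
```

Running the script prints the advisory's input unchanged from the naive filter (the `onclick` survives because the pattern never matched it) and `<a href="http://framework.zend.com/issues">Issues</a>` from the strict one. The security-relevant difference is the direction of the decision: a filter that deletes what it recognises as bad inherits every blind spot of its own parser, whereas one that emits only what it recognised and approved fails closed. Even the strict variant is a regex model rather than an HTML parser, so for production sanitisation a parser-based allowlist sanitiser is the safer choice.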
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3.1 | 6.1 | https://framework.zend.com/security/advisory/ZF2009-02 |
| generic_textual | MODERATE | https://framework.zend.com/security/advisory/ZF2009-02 |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-gwpm-pm6x-h7rj |
| cvssv3.1 | 6.1 | https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2009-02.yaml |
| generic_textual | MODERATE | https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2009-02.yaml |
| cvssv3.1 | 6.1 | https://github.com/zendframework/zf1 |
| generic_textual | MODERATE | https://github.com/zendframework/zf1 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:21:54.135544+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/GHSA-gwpm-pm6x-h7rj.yml | 38.6.0 |