Vulnerability details: VCID-thm9-zypf-kkek
Vulnerability ID VCID-thm9-zypf-kkek
Aliases GHSA-5gmf-3c43-q73v
Summary ZendFramework vulnerable to Cross-site Scripting. `Zend\Debug`, `Zend\Feed\PubSubHubbub`, `Zend\Log\Formatter\Xml`, `Zend\Tag\Cloud\Decorator`, `Zend\Uri`, `Zend\View\Helper\HeadStyle`, `Zend\View\Helper\Navigation\Sitemap`, and `Zend\View\Helper\Placeholder\Container\AbstractStandalone` were not using `Zend\Escaper` when escaping HTML, HTML attributes, and/or URLs. While most were performing some escaping, because they were not using context-appropriate escaping mechanisms, they could potentially be exploited to perform Cross Site Scripting (XSS) attacks.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3.1 6.1 https://framework.zend.com/security/advisory/ZF2012-03
generic_textual MODERATE https://framework.zend.com/security/advisory/ZF2012-03
cvssv3.1 6.1 https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2012-03.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2012-03.yaml
cvssv3.1 6.1 https://github.com/zendframework/zendframework
generic_textual MODERATE https://github.com/zendframework/zendframework
cvssv3.1 6.1 https://github.com/zendframework/zendframework/commit/07d847b705911da6a15257f64895f69cab7ad50c
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/07d847b705911da6a15257f64895f69cab7ad50c
cvssv3.1 6.1 https://github.com/zendframework/zendframework/commit/0a78cb2b633a618ac514eadef2c19ef78b1e12f2
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/0a78cb2b633a618ac514eadef2c19ef78b1e12f2
cvssv3.1 6.1 https://github.com/zendframework/zendframework/commit/27131ca9520bdf1d4c774c71459eba32f2b10733
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/27131ca9520bdf1d4c774c71459eba32f2b10733
cvssv3.1 6.1 https://github.com/zendframework/zendframework/commit/6791343f8c8cd1948315a87eb15e16b57e08bc71
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/6791343f8c8cd1948315a87eb15e16b57e08bc71
cvssv3.1 6.1 https://github.com/zendframework/zendframework/commit/6f57175753a238388b4811b9b0786b6d5866a208
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/6f57175753a238388b4811b9b0786b6d5866a208
cvssv3.1 6.1 https://github.com/zendframework/zendframework/commit/7f48d9edf82bcd7ece9d189d836682be83d08e91
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/7f48d9edf82bcd7ece9d189d836682be83d08e91
cvssv3.1 6.1 https://github.com/zendframework/zendframework/commit/a36406ddea52fd294b291310be00c526df6b713a
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/a36406ddea52fd294b291310be00c526df6b713a
cvssv3.1 6.1 https://github.com/zendframework/zendframework/commit/ad3628bc2c05c297af4492330885d49f373e1e91
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/ad3628bc2c05c297af4492330885d49f373e1e91
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://framework.zend.com/security/advisory/ZF2012-03
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2012-03.yaml

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/zendframework/zendframework

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/zendframework/zendframework/commit/07d847b705911da6a15257f64895f69cab7ad50c

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/zendframework/zendframework/commit/0a78cb2b633a618ac514eadef2c19ef78b1e12f2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/zendframework/zendframework/commit/27131ca9520bdf1d4c774c71459eba32f2b10733

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/zendframework/zendframework/commit/6791343f8c8cd1948315a87eb15e16b57e08bc71

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/zendframework/zendframework/commit/6f57175753a238388b4811b9b0786b6d5866a208

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/zendframework/zendframework/commit/7f48d9edf82bcd7ece9d189d836682be83d08e91

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/zendframework/zendframework/commit/a36406ddea52fd294b291310be00c526df6b713a

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/zendframework/zendframework/commit/ad3628bc2c05c297af4492330885d49f373e1e91

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-04T16:21:55.151277+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-5gmf-3c43-q73v.yml 38.6.0