PT-2006-6567 · Zend · Zend Framework

Published: 2006-11-15 · Updated: 2018-10-17 · CVE-2006-5900

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Zend Framework Preview version 0.2.0

Description

A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via arbitrary parameters in the incubator/tests/Zend/Http/ files/testRedirections.php sample code.

Recommendations

For Zend Framework Preview version 0.2.0, consider restricting access to the testRedirections.php sample code until a fix is available. As a temporary workaround, avoid using arbitrary parameters in the affected sample code to minimize the risk of exploitation.


Related Identifiers

CVE-2006-5900

Affected Products

Zend Framework