CVE-2018-1000841

Name of the Vulnerable Software and Affected Versions Zend.To versions prior to 5.15-1

Description The issue allows an attacker to execute arbitrary Javascript code in the context of the victim's browser due to a Cross Site Scripting (XSS) vulnerability in the verify.php page. This can be exploited via an HTTP POST request.

Recommendations For versions prior to 5.15-1, update to version 5.16-1 Beta or later to resolve the issue. As a temporary workaround, consider restricting access to the verify.php page to minimize the risk of exploitation.