CVE-2012-4451

Name of the Vulnerable Software and Affected Versions Zend Framework versions 2.0.x through 2.0.0

Description Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified input to various components, including (1) Debug, (2) FeedPubSubHubbub, (3) LogFormatterXml, (4) TagCloudDecorator, (5) Uri, (6) ViewHelperHeadStyle, (7) ViewHelperNavigationSitemap, or (8) ViewHelperPlaceholderContainerAbstractStandalone, related to Escaper.

Recommendations For versions 2.0.x through 2.0.0, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting input to the affected components, such as Debug, FeedPubSubHubbub, LogFormatterXml, TagCloudDecorator, Uri, ViewHelperHeadStyle, ViewHelperNavigationSitemap, or ViewHelperPlaceholderContainerAbstractStandalone, until a patch is available.