Name of the Vulnerable Software and Affected Versions: Zend Filter StripTags (affected versions not specified)

Description: The issue allows a malicious user to potentially include XSS exploits within HTML comments that would then be rendered in the final output, as Zend Filter StripTags contained an optional setting to allow whitelisting HTML comments in filtered text. This could be particularly problematic given that browsers like Microsoft Internet Explorer allow developers to create conditional functionality via HTML comments, including execution of script events and rendering of additional commented markup.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.