PT-2024-40288 · Zend · Zend Framework

Published: 2024-06-07 · Updated: 2024-06-07

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Zend Framework versions prior to 1.11.4
Description: The default error handling view script generated by Zend Tool for the "development" configuration environment dumped request parameters without escaping them, providing a potential XSS attack vector: any request parameter containing markup was rendered into the error page as HTML. This issue was addressed by patching Zend_Tool_Project_Context_Zf_ViewScriptFile so that the generated script calls the escape() method on dumped request variables, ensuring that request variables are escaped appropriately for the browser.
Recommendations: For versions prior to 1.11.4, update to version 1.11.4, which includes the patch that adds escaping to the generated error/error.phtml view script. Note that updating only changes what Zend Tool generates from then on; error view scripts generated earlier must be fixed by hand by applying the same change, i.e. calling the escape() method on the dumped request variables.
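The following is an added illustration, not the project's own generated file, of the fragment of a Zend Framework 1 development-mode error/error.phtml that this advisory concerns, shown as generated before 1.11.4 and after the fix. It assumes the usual ErrorController setup in which the view receives the request object as $this->request, and relies on Zend_View's built-in escape() helper (htmlspecialchars by default). The same edit is what has to be applied manually to previously generated error scripts.

```php
<?php
// Added example (not Zend Tool's actual template). Assumes $this->request is the
// Zend_Controller_Request object the ErrorController assigned to the view and that
// this script is only rendered when APPLICATION_ENV is "development".
?>
<h3>Request Parameters:</h3>

<?php /* Before 1.11.4: var_export() output is echoed as-is. Because the dump
         contains the raw parameter values, any '<', '>', '"' or '&' supplied in the
         query string or POST body is interpreted by the browser as markup. */ ?>
<pre><?php echo var_export($this->request->getParams(), true) ?></pre>

<?php /* Patched (1.11.4 and later): the whole dump goes through escape(), which
         converts the HTML-significant characters to entities, so parameter values
         are displayed as text and cannot introduce markup or script. */ ?>
<pre><?php echo $this->escape(var_export($this->request->getParams(), true)) ?></pre>
```

When auditing an application generated with an older Zend Tool, grep the generated error view script for an unescaped `var_export($this->request->getParams()` and wrap it exactly as in the patched line.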

Fix

XSS


Weakness Enumeration

Related Identifiers

GHSA-G52P-86J5-XR8Q

Affected Products

Zend Framework