PT-2024-40320 · Unknown · Zend Framework

Published: 2024-06-07 · Updated: 2024-06-07

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Zend Framework (affected versions not specified)

Description: The issue concerns character-encoding inconsistencies in several Zend Framework components, including Zend Form, Zend Filter, Zend Log, and Zend View. Specifically, the htmlspecialchars() and htmlentities() functions were called with undefined or hardcoded charset parameters, limiting developers' ability to set their preferred character encoding. This could allow multibyte representations of special HTML characters to pass through unescaped, leaving applications vulnerable to cross-site scripting (XSS). Such exploits would be possible under specific circumstances, such as using a non-typical character encoding like UTF-7, allowing users to define the character encoding, or serving HTML documents without a valid character set defined.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
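A hardened escaper of the kind the description calls for, added here as an illustration and not taken from Zend Framework; the function names are hypothetical, and it assumes PHP 5.4 or later (for ENT_SUBSTITUTE).

```php
<?php
declare(strict_types=1);

// Added illustration, not Zend Framework code. escapeHtmlLegacy, escapeHtml and
// emitHtmlDocument are hypothetical names; only the htmlspecialchars() calls are real API.

/**
 * The pattern the advisory describes: no charset argument, so escaping is
 * interpreted in whatever default the PHP build or php.ini supplies, which the
 * application developer cannot align with the encoding the page actually uses.
 */
function escapeHtmlLegacy(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES);
}

/**
 * Hardened form: the caller states the output encoding, the escaper checks it is
 * one it can handle, and invalid byte sequences are replaced with U+FFFD
 * (ENT_SUBSTITUTE) instead of yielding an empty string.
 */
function escapeHtml(string $value, string $encoding = 'UTF-8'): string
{
    // Short allow-list of encodings htmlspecialchars() supports (extend as needed).
    $supported = ['UTF-8', 'ISO-8859-1', 'ISO-8859-15', 'CP1252'];
    if (!in_array(strtoupper($encoding), $supported, true)) {
        throw new InvalidArgumentException("Unsupported output encoding: $encoding");
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
}

/**
 * Declare the same charset on the wire and in the document, so the browser never
 * has to guess (the "no valid character set defined" condition in the description).
 */
function emitHtmlDocument(string $bodyHtml, string $encoding = 'UTF-8'): string
{
    if (!headers_sent()) {
        header('Content-Type: text/html; charset=' . $encoding);
    }
    $meta = htmlspecialchars($encoding, ENT_QUOTES, $encoding);
    return '<!DOCTYPE html><html><head><meta charset="' . $meta . '"></head>'
        . '<body>' . $bodyHtml . '</body></html>';
}

// Constructed input: untrusted text that must never reach the page unescaped.
$userInput = '<b>"quoted" & <i>tagged</i></b>';
echo emitHtmlDocument('<p>' . escapeHtml($userInput) . '</p>');
```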

XSS


Weakness Enumeration

Related Identifiers

GHSA-HG35-VQP3-FV39

Affected Products

Zend Framework