PT-2024-40353 · Framework

Published: 2024-05-23 · Updated: 2024-05-23

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Framework (affected versions not specified)

Description: A low-level XSS issue has been found in the Framework, affecting HTTP redirection via the Director::forceRedirect method. When redirecting to a URL, the method may generate a response body containing HTML that is not safely escaped, posing a risk of XSS in some environments. The difficulty of exploitation is noted as low because any injected HTML will only be returned from the server if the Location HTTP header is also sent, so user exposure is limited: browsers follow the redirect before displaying the response body.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS


Weakness Enumeration

Related Identifiers

GHSA-JQP8-V74P-G8PX

Affected Products

Framework