Home > Vulnerability Database > CVE-2012-4451

Mend.io Vulnerability Database

CVE-2012-4451

Date: January 3, 2020

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.

Severity Score

6.1

Related Resources (11)

Url: http://seclists.org/oss-sec/2012/q3/571

Url: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10

Url: http://framework.zend.com/security/advisory/ZF2012-03

Url: https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733

Url: http://seclists.org/oss-sec/2012/q3/573

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-4451

Url: http://www.securityfocus.com/bid/55636

Url: https://bugs.gentoo.org/show_bug.cgi?id=436210

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-4451

Url: https://bugzilla.redhat.com/show_bug.cgi?id=860738

Url: https://www.mend.io/vulnerability-database/CVE-2012-4451

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-4451

Date: January 3, 2020

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?