ZF-Commons ZfcUser Vulnerable to XSS in Login Redirect
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Apr 25, 2024
Description
Published by the National Vulnerability Database
Jan 15, 2015
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Apr 25, 2024
Last updated
Apr 25, 2024
Cross-site scripting (XSS) vulnerability in
user/login.phtml
in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.References