1 results (0.003 seconds)
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3257
https://notcve.org/view.php?id=CVE-2015-3257
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. Zend/Diactoros/Uri::filterPath en zend-diactoros en versiones anteriores a la 1.0.4 no sanitiza correctamente la entrada de rutas, lo que permite que atacantes remotos realicen ataques de Cross-Site Scripting (XSS) o de redirección abierta. • http://www.securityfocus.com/bid/75466 https://framework.zend.com/security/advisory/ZF2015-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •