Description

Multiple vulnerabilities have been reported in Zend Framework, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input passed to Zend\Feed\PubSubHubbub, Zend\Log\Formatter\Xml, Zend\Tag\Cloud\Decorator, Zend\Uri, Zend\View\Helper\HeadStyle, Zend\View\Helper\Navigation\Sitemap, and Zend\View\Helper\Placeholder\Container\AbstractStandalone is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 2.0.1.

Solution

Update to version 2.0.1.

@maintainer: Please check if version 1.x is affected too.
https://security-tracker.debian.org/tracker/CVE-2012-4451 Says ZF1 is not vulnerable. I'm unsure if gurligebis is going to provide ZF2 in the tree but the php team has decided we won't.
(In reply to comment #2)
> https://security-tracker.debian.org/tracker/CVE-2012-4451 Says ZF1 is not
> vulnerable.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10

Agreed.