6.1

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-4v57-pwvf-x35j

EPSS Score

CWE

CWE-79

Published

6/7/2024

Updated

6/7/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-4v57-pwvf-x35j

GHSA-4v57-pwvf-x35j: Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`

Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially crafted multibyte string as an attack via the CAPTCHA's email argument

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-4v57-pwvf-x35j

EPSS Score

CWE

CWE-79

Published

6/7/2024

Updated

6/7/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
zendframework/zendframework1	composer	>= 1.7.0, < 1.7.9	1.7.9
zendframework/zendframework1	composer	>= 1.8.0, < 1.8.5	1.8.5
zendframework/zendframework1	composer	>= 1.9.0, < 1.9.7	1.9.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key issues: 1) Missing email validation and 2) Improper use of htmlentities() without encoding specification. The advisory specifically calls out htmlentities() usage as problematic. In PHP, htmlentities() defaults to ISO-8859-1 encoding unless specified, making it vulnerable to multibyte XSS when processing UTF-8 input. The _getHtml method would be responsible for generating the CAPTCHA HTML output and would contain the vulnerable htmlentities() calls on email address parts without proper encoding arguments. The high confidence comes from the direct match between the advisory description and the typical implementation pattern in Zend_Service_ReCaptcha_MailHide components.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

`Z*n*_S*rvi**_R***pt***_M*il*i**` *** * pot*nti*l XSS vuln*r**ility. *u* to t** ***t t**t t** *m*il ***r*ss w*s n*v*r v*li**t**, *n* ****us* its us* o* `*tml*ntiti*s()` *i* not in*lu** t** *n*o*in* *r*um*nt, it w*s pot*nti*lly possi*l* *or * m*li*iou

Reasoning

T** vuln*r**ility st*ms *rom two k*y issu*s: *) Missin* *m*il v*li**tion *n* *) Improp*r us* o* *tml*ntiti*s() wit*out *n*o*in* sp**i*i**tion. T** **visory sp**i*i**lly **lls out *tml*ntiti*s() us*** *s pro*l*m*ti*. In P*P, *tml*ntiti*s() ****ults to

6.1

Basic Information

Concerned about an active attack path?

GHSA-4v57-pwvf-x35j: Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI