6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-m7hr-j867-3f34

GHSA-m7hr-j867-3f34: ZendFramework has potential Cross-site Scripting vector in multiple view helpers

Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack vectors.

Vulnerable view helpers include:

All Zend\Form view helpers.
Most Zend\Navigation (aka Zend\View\Helper\Navigation\*) view helpers.
All "HTML Element" view helpers: htmlFlash(), htmlPage(), htmlQuickTime().
Zend\View\Helper\Gravatar

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-m7hr-j867-3f34

GHSA-m7hr-j867-3f34:

6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
zendframework/zend-view	composer	>= 2.0.0, < 2.2.7	2.2.7
zendframework/zend-view	composer	>= 2.3.0, < 2.3.1	2.3.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from using HTML body escaping (escapeHtml) instead of attribute-specific escaping (escapeHtmlAttr). Commit diffs show:

AbstractHelper's createAttributesString was escaping values with escapeHtml
AbstractHtmlElement's htmlAttribs used escapeHtml for values
Navigation Menu helpers directly interpolated user-controlled class names These functions handle HTML attribute construction and were missing context-aware escaping, making them XSS vectors when user input is involved in attributes.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-m7hr-j867-3f34: ZendFramework has potential Cross-site Scripting vector in multiple view helpers

GHSA-m7hr-j867-3f34:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

6.1

6.1

Technical Details

GHSA-m7hr-j867-3f34: ZendFramework has potential Cross-site Scripting vector in multiple view helpers

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI