Security Advisories
Vulnerabilities reported against Zend Framework, and recommendations for mitigation
- ZF2011-02: Potential SQL Injection Vector When Using PDO_MySql
- ZF2011-01: Potential XSS in Development Environment Error View Script
- ZF2010-07: Potential Security Issues in Bundled Dojo Library
- ZF2010-06: Potential XSS or HTML Injection vector in Zend_Json
- ZF2010-05: Potential XSS vector in Zend_Service_ReCaptcha_MailHide
- ZF2010-04: Potential MIME-type Injection in Zend_File_Transfer
- ZF2010-03: Potential XSS vector in Zend_Filter_StripTags when comments allowed
- ZF2010-02: Potential XSS vector in Zend_Dojo_View_Helper_Editor
- ZF2010-01: Potential XSS vectors due to inconsistent encodings
- ZF2009-02: XSS vector in Zend_Filter_StripTags
- ZF2009-01: LFI vector in Zend_View::setScriptPath() and render()