Vulnerabilities > Zend > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-24 | CVE-2020-8985 | Cross-site Scripting vulnerability in Zend Zendto ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | 8.8 |
| 2020-03-24 | CVE-2020-8984 | Origin Validation Error vulnerability in Zend Zendto lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. | 7.5 |
| 2017-10-10 | CVE-2015-7503 | Key Management Errors vulnerability in Zend Framework Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. | 7.5 |
| 2017-06-08 | CVE-2015-1786 | Cross-Site Request Forgery (CSRF) vulnerability in Zend Framework Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. | 8.8 |
| 2016-06-07 | CVE-2015-5723 | Permissions, Privileges, and Access Controls vulnerability in multiple products Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. | 7.8 |