Medium severity 6.1 · NVD Advisory · Published Aug 25, 2017 · Updated May 13, 2026
CVE-2015-3257
Description
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| zendframework/zend-diactoros (Packagist) | >= 1.0.0, < 1.0.4 | 1.0.4 |
Affected products: 1
Patches: 0
No patches discovered yet.
References
- www.securityfocus.com/bid/75466 (nvd: Third Party Advisory, VDB Entry, WEB)
- framework.zend.com/security/advisory/ZF2015-05 (nvd: Vendor Advisory, WEB)
- github.com/advisories/GHSA-rh3c-7wqx-6w95 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-3257 (ghsa: ADVISORY)
- github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-diactoros/CVE-2015-3257.yaml (ghsa: WEB)