CVE Request -- php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03)

[Jan Lieskovsky <jlieskov () redhat com>]

Hello Kurt, Steve, vendors,

  upstream ZendFramework 2.0.1 version corrected one occurrence
of cross-site scripting (XSS) flaw across multiple components
(improper escaping of HTML, HTML attributes and / or URLs):
[1] http://framework.zend.com/blog/zend-framework-2-0-1-released.html
[2] http://framework.zend.com/security/advisory/ZF2012-03
[3] https://bugzilla.redhat.com/show_bug.cgi?id=860738
[4] https://bugs.gentoo.org/show_bug.cgi?id=436210

Relevant upstream patch:
[5] https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: While the aforementioned upstream [5] patch is against the 2.0.1
      branch, after backport it would be applicable also against
      ZendFramework 1 versions (relevant routines across the affected
      components - at least those I checked have same definition).