In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
Max CVSS: 7.5
EPSS Score: 0.25%
Published: 2018-01-22
Updated: 2020-08-24
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
Max CVSS: 8.8
EPSS Score: 0.07%
Published: 2018-01-22
Updated: 2018-02-09
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
Max CVSS: 4.3
EPSS Score: 0.19%
Published: 2015-05-14
Updated: 2016-12-06
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
Max CVSS: 7.5
EPSS Score: 0.55%
Published: 2014-07-03
Updated: 2014-07-24
4 vulnerabilities found