Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Yiiframework Subscribe
Filtered by product Gii
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36655 1 Yiiframework 1 Gii 2023-01-30 N/A 8.8 HIGH
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.
CVE-2022-34297 1 Yiiframework 1 Gii 2022-12-12 N/A 5.4 MEDIUM
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.