Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36655 | 1 Yiiframework | 1 Gii | 2023-01-30 | N/A | 8.8 HIGH |
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file. | |||||
CVE-2022-34297 | 1 Yiiframework | 1 Gii | 2022-12-12 | N/A | 5.4 MEDIUM |
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. |