Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6010 | 1 Yiiframework | 1 Yiiframework | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. | |||||
CVE-2018-6009 | 1 Yiiframework | 1 Yiiframework | 2018-02-09 | 6.8 MEDIUM | 8.8 HIGH |
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | |||||
CVE-2015-3397 | 1 Yiiframework | 1 Yiiframework | 2016-12-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7. | |||||
CVE-2014-4672 | 1 Yiiframework | 1 Yiiframework | 2014-07-23 | 7.5 HIGH | N/A |
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property. |