Vulnerabilities (CVE)

Filtered by vendor Yiiframework Subscribe
Filtered by product Gii
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34297 1 Yiiframework 1 Gii 2024-11-21 N/A 5.4 MEDIUM
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
CVE-2020-36655 1 Yiiframework 1 Gii 2024-11-21 N/A 8.8 HIGH
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.