Vulnerabilities (CVE)

Filtered by vendor Yiiframework Subscribe
Filtered by product Yiiframework
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6010 1 Yiiframework 1 Yiiframework 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
CVE-2018-6009 1 Yiiframework 1 Yiiframework 2024-11-21 6.8 MEDIUM 8.8 HIGH
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
CVE-2015-3397 1 Yiiframework 1 Yiiframework 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
CVE-2014-4672 1 Yiiframework 1 Yiiframework 2024-11-21 7.5 HIGH N/A
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.