Gii

gii

Vendor: Yiiframework • 2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-36655 1Yiiframework 1Gii Apr 2, 2025 Jan 21, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.
CVE-2022-34297 1Yiiframework 1Gii Apr 22, 2025 Dec 9, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.