Yiiframework

yiiframework

Vendor: Yiiframework • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-6010 1Yiiframework 1Yiiframework Nov 21, 2024 Jan 22, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHand...Show more In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.Show less
CVE-2018-6009 1Yiiframework 1Yiiframework Nov 21, 2024 Jan 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
CVE-2015-3397 1Yiiframework 1Yiiframework May 6, 2026 May 14, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
CVE-2014-4672 1Yiiframework 1Yiiframework May 6, 2026 Jul 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.