CVE-2018-6010

2018-01-22T22:29:00
ID CVE-2018-6010
Type cve
Reporter cve@mitre.org
Modified 2019-11-12T17:15:00

Description

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.