Lucene search

OpenJS FoundationFRIENDSOFPHP:IISOFT:YII2-BOOTSTRAP:CVE-2015-3397

HistoryMay 10, 2015 - 3:43 a.m.

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

2015-05-1003:43:16

OpenJS Foundation

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.9%

JSON

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/

Affected configurations

Vulners

Node

yiisoftyii2_bootstrapRange<2.0.4

CPENameOperatorVersion
yiisoft/yii2-bootstraplt2.0.4

CPE	Name	Operator	Version
	yiisoft/yii2-bootstrap	lt	2.0.4

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.9%

JSON

Related for FRIENDSOFPHP:IISOFT:YII2-BOOTSTRAP:CVE-2015-3397